National Cybersecurity Authority Compliance
Ensure compliance with the NCA’s Essential Cybersecurity Controls Standard (ECC-1)
The National Cybersecurity Authority (NCA) is Saudi Arabia’s competent national entity responsible for boosting the cybersecurity of the kingdom and protecting its vital interests, national security and sensitive infrastructure.
The authority was established on 31 October 2017 by royal decree, and linked to the office of the king, with a mandate that includes but is not limited to “drafting the national strategy for cybersecurity and overseeing its implementation; cybersecurity frameworks, controls, and compliance; building and operating cybersecurity operation centers; developing human capabilities in cybersecurity; raising awareness on cybersecurity; stimulating growth of the cybersecurity sector and encouraging innovation and investment therein; and establishing ties with similar agencies abroad and private entities for the mutual exchange of knowledge and expertise in cybersecurity.”
As a key step in meeting this mandate, the authority established the Essential Cybersecurity Controls (ECC-1: 2018) to set the minimum cybersecurity requirements for national organizations
WHAT DOES THE NCA ECC COVER?
The ECC main domains are: