NCA ECC Compliance

The National Cyber Security Authority (NCA) of Saudi Arabia developed the Essential Cyber Security Controls in the year 2018. It was developed after a comprehensive study of various national and international Cyber Security Frameworks and Standards. The NCA ECC was developed to ensure organizations maintain and support the Cyber Security initiative to protect the interests, national security, critical infrastructure, and government services. It was developed with an aim to set minimum Cyber Security requirements for information and technology assets in organizations of Saudi Arabia. The controls requirements developed are based on industry-leading practices which intend to help organizations minimize Cyber Security Risks. The Essential Cyber Security Controls (ECC) comprises-

1. 5 Cyber Security Main Domains.

2. 29 Cyber Security Sub-Domains.

3. 114 Cyber Security Controls.

The controls outlined were developed after a comprehensive review of all the legal, regulatory requirements, global Cyber Security best practices analysis of Cyber Security incidents, and attacks on government establishments, and considering opinions of various prominent business firms of the country. In addition to the ECC Standard, the National Cyber Security Authority of Saudi Arabia introduced Critical Systems Cyber Security Controls (CSCC) in the year 2019. The NCA CSCC mandates the minimum Cyber Security requirements for critical systems within national organizations.