framework2024
Cloud Cybersecurity Controls (CCC-2: 2024)
The Cloud Cybersecurity Controls (CCC-2: 2024) framework, issued by the NCA of Saudi Arabia, outlines cybersecurity controls for cloud services. It aims to establish a baseline for cloud security practices within the Kingdom, updating the previous version (CCC-1: 2020) to reflect current cybersecurity requirements and industry updates. The Arabic version of the document is the binding version.
cloud securitycybersecurity frameworkregulatory compliance
guidance
Cloud Cybersecurity Controls Implementation Guide for CSPs
This document, the "Cloud Cybersecurity Controls Implementation Guide for CSPs (GCCC-CSP)", provides guidance to Cloud Service Providers (CSPs) on implementing cybersecurity controls. It outlines a structure of cybersecurity domains and subdomains, offering implementation guidance to enhance the security posture of CSPs operating within Saudi Arabia.
Cloud SecurityCybersecurity GovernanceRisk ManagementAccess Management
guidance
Cloud Cybersecurity Controls Implementation Guide for CSTs
This document, titled "Cloud Cybersecurity Controls Implementation Guide for CSTs (GCCC-CST)," provides guidance on implementing cloud cybersecurity controls for cloud service tenants in Saudi Arabia. It outlines objectives, scope, and applicability, covering various cybersecurity domains and their structure to ensure a secure cloud environment. The guide aims to help tenants understand and implement necessary security measures.
Cloud SecurityCybersecurity GovernanceRisk ManagementAccess Management
framework2024
Essential Cybersecurity Controls (ECC-2: 2024)
The Essential Cybersecurity Controls (ECC-2: 2024) framework, issued by the National Cybersecurity Authority (NCA) of Saudi Arabia, provides a set of cybersecurity controls. It aims to protect organizations from cyber threats and ensure compliance with national cybersecurity standards. The Arabic version of the document is the binding language.
cybersecurityrisk managementcompliance
framework2022
Operational Technology Cybersecurity Controls (OTCC-1: 2022)
The Operational Technology Cybersecurity Controls (OTCC-1: 2022) framework, issued by the National Cybersecurity Authority (NCA) in Saudi Arabia, establishes cybersecurity controls for Industrial Control Systems (ICS). It aims to address the increasing cyber threats targeting these systems and provides a structured approach to implementing and monitoring cybersecurity measures within the Kingdom.
Operational TechnologyCybersecurityIndustrial Control SystemsRisk Management
framework2021
Telework Cybersecurity Controls (TCC-1: 2021)
The Telework Cybersecurity Controls (TCC-1: 2021) framework, issued by the NCA in Saudi Arabia, establishes cybersecurity requirements for telework systems to mitigate increasing threats and cyber risks associated with remote work environments. It aims to promote economic development and productivity by enabling secure telework practices in accordance with Saudi Arabian laws. The Arabic version of the document is the binding version.
cybersecurityteleworkrisk managementcompliance
framework2019
Critical Systems Cybersecurity Controls (CSCC-1: 2019)
The Critical Systems Cybersecurity Controls (CSCC-1: 2019) framework, issued by the NCA of Saudi Arabia, outlines cybersecurity controls for critical systems. It provides a structure for establishing and maintaining cybersecurity governance, defense, and resilience, including third-party and cloud computing considerations. The framework aims to protect critical infrastructure and sensitive data within the Kingdom.
cybersecuritycritical infrastructuregovernanceresilience
guidance
Critical Systems Cybersecurity Controls Implementation Guidelines
This document provides guidelines for implementing cybersecurity controls for critical systems in Saudi Arabia. It outlines general guidelines and specific controls related to cybersecurity governance, risk management, and resilience. The document aims to help organizations protect their critical systems from cyber threats and ensure business continuity.
cybersecurityrisk managementcritical infrastructuregovernance
framework2022
Data Cybersecurity Controls (DCC-1: 2022)
The Data Cybersecurity Controls (DCC-1: 2022) framework, issued by the NCA in Saudi Arabia, establishes cybersecurity controls for data protection. It outlines requirements for cybersecurity governance, defense, and third-party/cloud computing cybersecurity. The framework aims to safeguard data assets in accordance with Saudi Arabian laws and regulations.
cybersecurity governancedata protectioncloud securitythird-party risk
guidance
Guide to Essential Cybersecurity Controls (ECC) Implementation
This document, issued by the National Cybersecurity Authority (NCA) of Saudi Arabia, provides guidance for organizations on implementing the Essential Cybersecurity Controls (ECC). It serves as an illustrative model to help organizations meet ECC requirements, while emphasizing the need to consider their unique environments. The document outlines the ECC domains and structure to aid in implementation.
cybersecurity controlsrisk managementregulatory compliance
guidance
Operational Technology Cybersecurity Controls Implementation Guide
This document, titled "Operational Technology Cybersecurity Controls Implementation Guide," provides guidance on implementing cybersecurity controls for Operational Technology (OT) environments. It outlines general guidelines and specific controls related to cybersecurity governance. The document is intended for public use and aims to improve OT cybersecurity posture.
operational technologycybersecuritygovernance