Laws & RegulationsNCA ECC
In Forcecross-sectorECC-1:2018
Essential Cybersecurity Controls (ECC)
Also known as: NCA ECC
The NCA Essential Cybersecurity Controls establish 114 mandatory cybersecurity controls for Saudi government entities and organizations of national importance. They cover governance, defense, resilience, third-party risk, industrial control systems, and cryptography.
Jurisdiction
Saudi Arabia
Regulator
National Cybersecurity Authority
Effective
1/1/2018
Sector
cross-sector
Full Text / Summary
The ECC framework has 5 main domains: (1) Cybersecurity Governance — 29 controls covering strategy, policies, roles, risk management, compliance; (2) Cybersecurity Defense — 49 controls covering asset management, identity management, access control, vulnerability management, change management, network security, endpoint security, email security, web security, application security, data protection, cryptography, physical security, cloud security, industrial control systems; (3) Cybersecurity Resilience — 14 controls covering backup, recovery, business continuity; (4) Third-party and Cloud Cybersecurity — 11 controls; (5) Industrial Control Systems Cybersecurity — 11 controls.