18 December, 2019

Security Publication

Link

The National Cybersecurity Authority has developed and released the “Essential Cybersecurity Controls”, that when implemented enable organizations to meet the minimum cyber security requirements in the Kingdom of Saudi Arabia.

These controls are based on best practices and standards. When properly implemented these Essential Cybersecurity Controls will significantly reduce cyber risks that may be potentially harmful to information and technical assets.

They are 114 core controls for cybersecurity, divided into five main components:

Cybersecurity Governance.

Enhanced Cybersecurity.

Cybersecurity Resilience.

Cybersecurity Related to Third Parties and Cloud Computing.

Cybersecurity for Industrial Control Systems.

The ECCs are mandatory, where all organizations within the scope of these controls must implement what maintains the permanent and continuous commitment to these controls.

Essential Cybersecurity Controls

Please use the digital verification codes below to ensure the integrity of the ECC file:

MD5: a326e6d2858f7d4085142296c19abb58

SHA256: 19a0c9398bf78a3dddc131021ed927b36cf0e1b7f2f6d306146e994f13d4b7f9

Assessment and Compliance Tool

Please use the digital verification codes below to ensure the integrity of the Assessment and Compliance Tool file:

MD5: 212dd0984689d9a06edfc4b1ca73b3c9

SHA256: ebd00db7182c0bafb5383cdabf4438af5249abe107730d95878583a04ea46e47