NCA ECC Compliance

Protect the National Security Infrastructure of Government

NCA ECC Compliance

The National Cyber Security Authority (NCA) of Saudi Arabia developed the Essential Cyber Security Controls in the year 2018. It was developed after a comprehensive study of various national and international Cyber Security Frameworks and Standards. The NCA ECC was developed to ensure organizations maintain and support the Cyber Security initiative to protect the interests, national security, critical infrastructure, and government services. It was developed with an aim to set minimum Cyber Security requirements for information and technology assets in organizations of Saudi Arabia. The controls requirements developed are based on industry-leading practices which intend to help organizations minimize Cyber Security Risks. The Essential Cyber Security Controls (ECC) comprises-

1. 5 Cyber Security Main Domains.

2. 29 Cyber Security Sub-Domains.

3. 114 Cyber Security Controls.

The controls outlined were developed after a comprehensive review of all the legal, regulatory requirements, global Cyber Security best practices analysis of Cyber Security incidents, and attacks on government establishments, and considering opinions of various prominent business firms of the country. In addition to the ECC Standard, the National Cyber Security Authority of Saudi Arabia introduced Critical Systems Cyber Security Controls (CSCC) in the year 2019. The NCA CSCC mandates the minimum Cyber Security requirements for critical systems within national organizations.

Enquire

Free One Session of Consultation.

I agree to receiving further information about VISTA InfoSec and give consent to the handling of my information.

Our Approach to NCA ECC Compliance

Initial Study

We conduct an initial study of your business and understand your growth plans, current pain areas, and business goals. This will enable us to consolidate the Cloud scope thereby helping you reduce cost and time of rollout.

Scope Definition

Our team will help you identify and understand appropriate cloud platform models: IAAS, PAAS, SAAS, etc. We further support your management in Scope Definition which includes setting timelines, responsibilities, and budget for the implementation.

Data Flow Analysis

We identify all point of presence of your data in the Cloud and further map who accesses or can access your sensitive data. We also document the geographical distribution of your data.

Why work with VISTA InfoSec?

Vendor Neutral Solution- We provide a vendor-neutral assessment of your public/private/hybrid cloud options.
Industry Expertise- We will share industry-specific insight and provide relevant recommendations for achieving your goals of compliance.
Years of Experience- Your organization will benefit from our decade long years of Industry experience and knowledge.
Benchmark Standards- Using well-accepted benchmarks from CSA and NIST, we help organizations assess and secure their Cloud strategies.
International Frameworks- Using globally recommended frameworks from NIST, ENISA, CCM, we help organizations manage risks.
Robust Security & Risk Management Solution- Our state-of-the-art assessment framework effectively helps identify and mitigate infrastructure based risks on the cloud in context to insider access, ancillary data, software isolation, and availability.
Report Detailing the Analysis Finding- We will provide you documents detailing the findings of the analysis and provide relevant recommendations for the same.
Assessment & Certification- We also provide C-Star assessment and certification.
Strictly No Outsourcing- We value your trust in us so we do not outsource your critical assignments to another third party.

Frequently Asked Questions on NCA ECC Compliance

What is NCA?

The National Cyber Security Authority (NCA) is Saudi Arabia’s competent national entity responsible for boosting Cyber Security and protecting vital interests, national security, and sensitive infrastructure.

What is the NCA ECC?

The National Cyber Security Authority (NCA) of Saudi Arabia introduced the Essential Cyber Security Controls to establish a strong security framework and ensure organizations maintain and support the Cyber Security initiative to protect the national security, critical infrastructure, high priority sectors, and government services.

Who should comply with the NCA ECC?

The NCA ECC applies to government organizations in Saudi Arabia, including ministries, authorities, establishments, companies, entities, and private sector organizations owning, operating, or hosting Critical National Infrastructures (CNIs).

What does NCA ECC cover?

The Essential Cyber Security Controls consist of 5 Cyber Security main domains, 29 Cyber Security subdomains, 114 Cyber Security controls. The ECC main domains are:
• Cyber Security Governance
• Cyber Security Defense
• Cyber Security Resilience
• Third-Party and Cloud Computing Cyber Security.
• Industrial Control Systems (ICS) Cyber Security

How much would it cost for implementing NCA ECC?

Depending on the scope, a basic assessment including Gap Analysis should cost around $12000.