Governance Risk Compliance ECC - 2018

ECC - 2018



The Kingdom of Saudi Arabia, as part of the Saudi Vision 2030, has developed and promulgated the Essential Cybersecurity Controls (ECC).

National Cybersecurity Authority developed the Essential Cybersecurity Controls (ECC-1: 2018) to set the minimum cybersecurity requirements for national organisations that are within its scope of ECC implementation. The Essential Cybersecurity Controls consist of the following: 5 Cybersecurity Main Domains, 29 Cybersecurity Subdomains, 114 Cybersecurity Controls. And are organised into five main domains:

  • Governance
  • Defense
  • Resilience
  • Third-Party and Cloud Computing, and ICS Cybersecurity


The document includes 114 controls designed to ensure the confidentiality, integrity and availability of an organisation’s information and technology assets. They revolve around the four pillars of people, technology, processes and strategy. These cybersecurity controls are linked to related national and international law and regulatory requirements. Government entities (and their affiliates) must comply with the above controls as stated in line with the Sudi Vision 2030.

Speak to one of our experts