Governance Risk Compliance ECC - 2018

ECC - 2018



The Kingdom of Saudi Arabia, as part of the Saudi Vision 2030 has developed and promulgated the Essential Cybersecurity Controls (ECC). These measures aim to help government and government-affiliated organizations enhance their cybersecurity posture.

National Cybersecurity Authority developed the Essential Cybersecurity Controls (ECC-1: 2018) to set the minimum cybersecurity requirements for national organizations that are within its scope of ECC implementation. The Essential Cybersecurity Controls consist of the following: 5 Cybersecurity Main Domains, 29 Cybersecurity Subdomains, 114 Cybersecurity Controls. And are organized into five main domains:

  • Governance
  • Defense
  • Resilience
  • Third-Party and Cloud Computing, and
  • ICS Cybersecurity

The document includes 114 controls designed to ensure the confidentiality, integrity and availability of an organization’s information and technology assets. They revolve around the four pillars of people, technology, processes and strategy. These cybersecurity controls are linked to related national and international law and regulatory requirements. Government entities (and their affiliates) must comply with the above controls as stated in line with the Sudi Vision 2030.

Speak to one of our experts