Offtopic - New Compliance Package - NCA CCC

The National Cybersecurity Authority (NCA) in Saudi Arabia has released the Cloud Cybersecurity Controls (CCC) to extend and complement their existing Essential Cybersecurity Controls (ECC) requirements.

Key highlights:

  • The CCC contains controls across 4 main domains - governance, defense, resilience and third party security. There are a total of 96 controls for Cloud Service Providers and 26 for Cloud Service Tenants.
  • The goal is to establish minimum cybersecurity requirements for cloud computing services in Saudi Arabia, protecting confidentiality, integrity and availability of data.
  • It applies to government organizations, critical infrastructure organizations, and private sector organizations owning/operating critical national infrastructure that use cloud services.
  • Key areas covered include risk management, identity and access management, data protection, encryption, vulnerability management, incident response, and more.
  • The CCC aligns with Saudi laws and regulations as well as international standards and common industry practices for cloud security.
  • Compliance is mandated for cloud service providers and tenants within the scope of the CCC, under NCA’s authority and related royal decrees.
  • Implementation timelines and compliance assessments will be determined by NCA. Organizations are encouraged to use the CCC to follow cybersecurity best practices.
  • The controls complement the existing ECC requirements, providing an extension focused on the unique aspects of cloud computing security and risk management.

Where can I find the NCA ECC and NCA CCC packages?
I can’t find them on the website
Thank you

did you try here? Compliance Management | Eramba learning portal

Yes, I did not found them.
I only found the SAMA packages.
Thank you for your help and attention.