Offtopic - New Compliance Package - NCA ECC

We have released a compliance package for implementing the Essential Cybersecurity Controls (ECC) mandated by the National Cybersecurity Authority in Saudi Arabia.


  • The document lays out 114 cybersecurity controls across 5 main domains - governance, defense, resilience, third party/cloud, and industrial control systems. The controls cover strategy, people, processes and technology.
  • The controls apply to government organizations, critical infrastructure organizations, and other private sector organizations owning/operating critical national infrastructure in Saudi Arabia.
  • Compliance is mandated under NCA’s authority and related royal decrees in Saudi Arabia.
  • The goal is to set minimum cybersecurity requirements for organizations in KSA to protect confidentiality, integrity and availability of their information and technology assets.
  • It applies to government entities, critical infrastructure organizations, and encourages adoption by all KSA organizations. Compliance is mandated for in-scope organizations.
  • The controls address aspects like governance, risk management, identity management, data protection, incident response, awareness training, third party risk, and more.
  • Implementation requirements consider related laws and regulations in KSA and internationally.

1 Like


The link is unreachable, do you have an idea why?

Thank you


Which link? I just tested and both are working for me.

The notes link