Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
NCA ECCRegulationMENAMandatory

NCA ECC

Authority : NCA Saudi Arabia
108 contrôles
Overview

What is NCA ECC ?

The Essential Cybersecurity Controls (ECC) are published by Saudi Arabia's National Cybersecurity Authority (NCA). This framework defines 108 mandatory cybersecurity controls for all government entities, critical infrastructure, and designated private sector organizations. Controls are organized in 5 domains: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, Third-Party and Cloud Cybersecurity, and Industrial Control Systems (ICS) Cybersecurity. The NCA conducts regular compliance assessments.

Key Points

  • 5 domains: Governance, Defense, Resilience, Cloud/Third-Party, and Industrial Control Systems (ICS)
  • 108 mandatory controls for government entities and critical infrastructure
  • Regular compliance assessments conducted by the NCA
  • Specific requirements for cloud computing security and third-party management
  • Specific ICS controls for energy, water, and transportation sectors

Why Zaxyr

Zaxyr integrates all 108 NCA ECC controls and enables Saudi organizations to assess their compliance with bilingual dashboards (Arabic and English). The platform provides native mapping to ISO 27001 and NIST CSF, facilitating alignment with international standards while meeting national requirements.

Start Your Compliance Journey

Get a personalized compliance assessment. Our team will guide you through.