What is NCA ECC ?
The Essential Cybersecurity Controls (ECC) are published by Saudi Arabia's National Cybersecurity Authority (NCA). This framework defines 108 mandatory cybersecurity controls for all government entities, critical infrastructure, and designated private sector organizations. Controls are organized in 5 domains: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, Third-Party and Cloud Cybersecurity, and Industrial Control Systems (ICS) Cybersecurity. The NCA conducts regular compliance assessments.
Key Points
- 5 domains: Governance, Defense, Resilience, Cloud/Third-Party, and Industrial Control Systems (ICS)
- 108 mandatory controls for government entities and critical infrastructure
- Regular compliance assessments conducted by the NCA
- Specific requirements for cloud computing security and third-party management
- Specific ICS controls for energy, water, and transportation sectors
Why Zaxyr
Zaxyr integrates all 108 NCA ECC controls and enables Saudi organizations to assess their compliance with bilingual dashboards (Arabic and English). The platform provides native mapping to ISO 27001 and NIST CSF, facilitating alignment with international standards while meeting national requirements.