What is NESA ?
NESA (National Electronic Security Authority) standards define electronic security requirements for the United Arab Emirates. The framework includes 188 controls organized in 12 domains covering security strategy, asset management, human resource security, physical security, security operations, access management, cryptography, network security, incident management, business continuity, compliance, and information system security. It applies to government entities and organizations designated by the UAE government.
Key Points
- 188 controls across 12 domains covering all aspects of electronic security
- Applicable to UAE federal and local government entities
- Data classification requirements and protection based on sensitivity level
- Mandatory security incident notification to the UAE CERT (aeCERT)
- Periodic compliance assessments with maturity levels
Why Zaxyr
Zaxyr integrates all 188 NESA controls and enables UAE organizations to assess and track their compliance. The platform provides native mapping to ISO 27001 and NCA ECC, facilitating compliance management for organizations operating across multiple Gulf countries.