NCA Essential Cybersecurity Controls
National Cybersecurity Authority's mandatory security controls for Saudi government entities and critical infrastructure operators.
Get ECC AssessmentWhat is NCA ECC?
The Essential Cybersecurity Controls (ECC) is a framework developed by Saudi Arabia's National Cybersecurity Authority (NCA). It establishes minimum cybersecurity requirements for government entities and organizations operating critical national infrastructure.
Who Must Comply?
All Saudi government entities, semi-government organizations, and private sector companies operating critical national infrastructure must implement ECC controls.
ECC Domains
Cybersecurity Governance
5 ControlsPolicies, procedures, and organizational structure for cybersecurity
Cybersecurity Defense
9 ControlsTechnical controls for protecting systems and data
Cybersecurity Resilience
4 ControlsBusiness continuity and disaster recovery capabilities
Third-Party Cybersecurity
2 ControlsManaging security risks from vendors and partners
ICS/OT Cybersecurity
6 ControlsIndustrial control system specific requirements
Key ECC Requirements for Cloud
When using cloud services, organizations must ensure their cloud environment meets all applicable ECC controls.
- Cybersecurity risk assessment
- Security awareness training
- Identity and access management
- Cryptographic controls
- Network security
- Mobile device management
- Secure configuration
- Vulnerability management
Our ECC Services
ECC Gap Assessment
Evaluate compliance against all 26 controls
Control Implementation
Deploy technical security controls
Compliance Monitoring
Continuous assessment and reporting
Achieve NCA ECC Compliance
Meet all 26 Essential Cybersecurity Controls with our expert implementation services.
Schedule Consultation