Saudi Gazette report

RIYADH —The National Cybersecurity Authority (NCA) has issued the core cyber security controls document for minimum standards to be applied in various national agencies to reduce the risk of cyber threats.

This is aimed at enhancing the Kingdom’s cyber security as well as the security of its vital economic and national interests.

These controls are based on five core components of governance, strengthening and consolidating cyber security, enhancing external cyber security, in addition to cloud computing, and industrial control systems, the Saudi Press Agency reported.

These regulations, which were issued in view of the status of NCA as the competent authority for cyber security in the Kingdom, are applicable to both the government and private entities.

These are in accordance with the authority’s mandate to develop policies, governance mechanisms, frameworks, standards and guidelines related to cyber security to protect networks, systems and electronic data.

It’s implementation is mandatory for all government agencies, including ministries, agencies and institutions and their affiliates, as well as for private sector entities that own or operate sensitive national infrastructure.

This was pursuant to a royal decree issued on July 23 (10 Dhul Qada 1439) that stressed that all government agencies should upgrade their cyber security to protect their networks, systems and electronic data, and abide by policies, frameworks, standards and guidelines issued by NCA.

The government departments have also been instructed to abide by the policies, frameworks, criteria, guidelines and regulations issued by the authority in this regard.

The NCA has prepared a mechanism to evaluate and measure how far the government and private agencies are committed to abide by these regulations, as well as to assess periodically the status of commitment by various entities.

The authority also encourages other agencies in the Kingdom to take advantage of these regulations so as to apply best practices in terms of improving and developing cyber security within these entities.