Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Saudi Arabia: NCA issues Cloud Cybersecurity Controls

The National Cybersecurity Authority ('NCA') issued, on 15 October 2020, its Cloud Cybersecurity Controls ('CCC') which aim to enhance the reliability of cloud computing services by providing secure cloud computing services that help withstand various cyber threats. In particular, the NCA noted that the CCC applies to cloud service providers and cloud service tenants which constitute any government organisation in the Kingdom of Saudi Arabia inside or outside the Kingdom and its companies and entities, as well as private sector organisations owning, operating, or hosting critical national infrastructures that currently use or are planning to use any cloud service. In addition, the NCA strongly encouraged all other organisations to leverage these controls to implement best practices to improve and enhance their cloud cybersecurity.

Moreover, the NCA outlined that it had developed the CCC methodology and mapping annex document and that the CCC methodology and mapping annex document includes design principles of the CCC, its relationship to other international standards, main domains and subdomains structure of the CCC, domains mapping to international standards, control mapping to international standards, ECC/CCC subdomain mapping, and control applicability on different cloud service models such as Iaas, PaaS, SaaS.

You can read the press release, only available in Arabic, here, and the CCC here.