NCA ECC
Essential Cybersecurity Controls
NCA's mandatory baseline controls — cover governance, defense, resilience, and third-party security for government and critical entities.
Aligned with
10 Saudi Arabia cybersecurity & compliance frameworks
We build cybersecurity programs aligned with Saudi regulators and energy-sector mandates — from NCA controls to Saudi Aramco's vendor standards.
NCA CCC
Critical Cybersecurity Controls
Stricter NCA controls for sensitive systems and critical national infrastructure — extend ECC with enhanced resilience requirements.
NCA OTCC
OT Cybersecurity Controls
NCA framework for industrial control systems, SCADA, and OT environments — protects manufacturing, energy, and utilities.
NCA CSCC
Cloud Service Providers Controls
Mandatory cybersecurity controls for cloud service providers operating in Saudi Arabia.
SAMA CSF
Saudi Central Bank Cyber Framework
Cybersecurity framework for Saudi banks, insurers, and financial institutions regulated by SAMA.
PDPL
Personal Data Protection Law
Saudi data privacy law (2021) by SDAIA — governs collection, processing, and cross-border transfer of personal data.
NDMO
National Data Management Office
SDAIA framework for data governance, quality, classification, and lifecycle management across the Saudi public sector.
SACS-002
Aramco Third-Party Cybersecurity
Mandatory third-party standard for vendors connecting to Saudi Aramco — covers ICS/OT, secure remote access, segmentation, and audit logging.
Aramco CCC
Aramco Cybersecurity Compliance Cert.
Saudi Aramco vendor certification — required for contract eligibility and operational connectivity to Aramco environments.
Aramco CCC+
Aramco Compliance Cert. Plus
Enhanced tier of Aramco CCC with stricter assessment and continuous monitoring — typically for vendors with privileged access or OT touchpoints.