Kingdom of Saudi Arabia (KSA) Essential Cybersecurity Controls (ECC)
Disclaimer: Organizations are not required as a matter of law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
The National Cybersecurity Authority (NCA) within the Kingdom of Saudi Arabia (KSA) produces, and will periodically update, the Essential Cybersecurity Controls (ECC). The objective of the NCA is to ensure organizations maintain and support the cybersecurity of the Kingdom to protect its interests, national security, critical infrastructure, high-priority sectors, and government services. The main objective of the controls within the ECC is to set the minimum cybersecurity requirements for information and technology assets in organizations within the Kingdom. The requirements are based on industry-leading practices which intend to help organizations minimize cybersecurity risks that originate from internal and external threats.
The published ECC cover the following key objectives:
- Confidentiality
- Integrity
- Availability
The controls cover the following cybersecurity pillars:
- Strategy
- People
- Processes
- Technology
All organizations within the Kingdom are highly encouraged to implement all controls associated with the ECC framework to improve and enhance their cybersecurity. All national organizations (including private sector organizations owning, operating, or hosting Critical National Infrastructures (CNI's), must implement all necessary measures to ensure continuous compliance with the ECC as per item 3 of article 10 of NCA’s mandate and as per the Royal Decree number 57231, dated 10/11/1439H (June 25th, 2018). More detailed information on the ECC may be found here.
The LogRhythm platform enables your organization to meet many ECC guidelines by collecting, managing, and analyzing log data. LogRhythm AI Engine (AIE) rules, alarms, reports, investigations, and general SIEM functionality also help your organization satisfy certain controls outlined by the ECC.
LogRhythm understands that organizations may be at different points of compliance maturity, so the KSA-ECC module gives organizations the flexibility to realize value at any point along that maturity scale. The KSA-ECC module is focused on the control requirements traditionally used for best practice purposes. LogRhythm supports some ECC recommendations and decreases the cost of meeting others through pre-built content and functionality. Using advanced LogRhythm functionality such as NetMon, TrueIdentity, SysMon, Threat Research content, and Case Management may enhance pre-built content to better support an organization's compliance efforts.
IT environments consist of heterogeneous devices, systems, and applications—all reporting log data. Millions of individual log entries can be generated daily, if not hourly. The task of organizing this information can be overwhelming. Additional recommendations to analyze and report on log data render manual processes or homegrown remedies inadequate and cost-prohibitive for many organizations. LogRhythm delivers log collection, archiving, and recovery across the entire IT infrastructure and automates the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm’s powerful alerting capabilities automatically identify the most critical issues and notify relevant personnel. The KSA-ECC module and associated reporting package work out of the box with some level of customization available. Utilizing the KSA-ECC module assists in building and maintaining a sound compliance program.
This guide has below-given parts: