NCA Issues ‘Cybersecurity Controls for Private Sector Entities Without Critical Infrastructure’

The National Cybersecurity Authority (NCA) has issued a document titled “Cybersecurity Controls for Private Sector Entities Without Critical Infrastructure”.

The document aims to establish minimum cybersecurity controls for private-sector entities that do not operate critical infrastructure, reduce cybersecurity risks arising from internal and external threats, and protect information and technical assets. This contributes to strengthening cybersecurity at the national level.

The NCA is the competent authority for cybersecurity in the Kingdom and the national reference for all related matters. It enhances cybersecurity to protect the state’s vital interests and national security, in addition to safeguarding critical infrastructure, priority sectors, and government services and activities.

The authority is also responsible for setting cybersecurity policies, governance mechanisms, frameworks, standards, controls, and guidelines, with the aim of achieving a secure and trusted Saudi cyberspace that enables growth and prosperity.

The document is available through the authority’s official website.