Digital Policy Alert logo

Saudi Arabia: Closed consultation on Non-Critical National Infrastructure Private Sector Organizations Cybersecurity Controls

Policy overview

Description

Closed consultation on Non-Critical National Infrastructure Private Sector Organizations Cybersecurity Controls

On 31 January 2024, the Communications, Space & Technology Commission of Saudi Arabia (CST) closed its consultation on the draft Non-Critical National Infrastructure Private Sector Organizations Cybersecurity Controls. These Controls outline the minimum cybersecurity standards for organizations that are not considered Critical National Infrastructure (CNI). The CNI Cybersecurity Controls is organised into three domains of cybersecurity governance, cybersecurity defence, and third party cybersecurity and sets out different controls in each. The goal is to help these organizations reduce cyber risks from internal and external threats by leveraging industry best practices.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2023-12-28
in consultation

On 28 December 2023, the Communications, Space & Technology Commission of Saudi Arabia (CST) opened…

2024-01-31
processing consultation

On 31 January 2024, the Communications, Space & Technology Commission of Saudi Arabia (CST) closed …

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.