Description

Adopted Data Cybersecurity Controls (DCC-1:2022)

On 1 November 2022, the National Cybersecurity Authority (NCA) of Saudi Arabia published the Data Cybersecurity Controls (DCC-1:2022). The DCC forms part of the NCA's mandate, as set out in Royal Decree number 57231, to guarantee the continuous compliance of organisations with the requisite cybersecurity measures. The DCC requires compliance from Saudi government and private organisation operating Critical National Infrastructure. This regulation provides a structured classification for data protection with distinct security requirements, defining a four-tier system for the protection of data based on its sensitivity. The highest level of classification, Top Secret, necessitates the implementation of rigorous access limitations, secure disposal procedures, and regular audits. In comparison, Secret data requires the establishment of a robust access management system, the installation of monthly patches, and the implementation of enhanced security hardening measures. Access to confidential data is restricted to specific roles, with the data masked to prevent external sharing. In contrast, public data is more open, but still requires basic access control and secure disposal. This framework extends the Essential Cybersecurity Controls (ECC) to encompass the entire data lifecycle.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2022-11-01
adopted

On 1 November 2022, the National Cybersecurity Authority (NCA) of Saudi Arabia published the Data C…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.