Description

Adopted Operational Technology Cybersecurity Controls for Infrastructure Providers

In April 2022, the National Cybersecurity Authority (NCA) of Saudi Arabia adopted the Operational Technology Cybersecurity Controls (OTCC-1:2022). The OTCC was developed as part of Saudi Arabia's Vision 2030 initiative and serves to establish cybersecurity standards for critical infrastructure. The OTCC apply to Industrial Control Systems in government organisations and private organisations operating Critical National Infrastructure. The OTCC is aligned with international cybersecurity standards and best practices, thereby extending the NCA's Essential Cybersecurity Controls (ECC). The OTCC is comprised of four domains: Governance, Defence, Resilience, and Third-Party Cybersecurity. These domains encompass a total of 47 main controls and 122 subcontrols. Each domain is designed to secure different aspects of OT, covering policies, roles, risk management, asset protection, access control, and related matters. The document places considerable emphasis on the necessity of ongoing compliance and the importance of regular audits, including self-assessment and third-party evaluations.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services, infrastructure provider: cloud computing, storage and databases, infrastructure provider: network hardware and equipment, infrastructure provider: other
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2022-04-01
adopted

In April 2022, the National Cybersecurity Authority (NCA) of Saudi Arabia adopted the Operational T…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.