Axidian recently hosted a webinar for security and IT leaders in Saudi Arabia, focused on one of the most pressing challenges for 2025: how to comply with ECC-2:2024 — the updated cybersecurity framework from the National Cybersecurity Authority (NCA).
The session brought together dozens of professionals from governmental organizations and private companies that work with the Critical National Infrastructure — all facing similar questions:
- What’s required in the latest version of NCA ECC?
- How much of it can be automated?
- What tools actually help — without overcomplicating compliance?
ECC-2:2024 compliance: what changed and where to focus in 2025
The webinar covered a practical roadmap to ECC compliance, including:
- An overview of the 4 domains and 29 subdomains of ECC-2:2024
- An approach to prioritize controls based on the processes and technologies required
- Key controls that can be fully automated with solutions like Axidian Access, Axidian Privilege, and Axidian CertiFlow
- The role of identity security solutions in achieving ECC coverage across multiple requirements
- Lessons from recent deployments in Saudi Arabia’s energy and public sectors
Axidian has also developed a practical ECC compliance guide based on version 2.0 — focused on implementation, not theory. It’s available upon request.
Practical concerns from the field: what security teams are really asking
Attendees were especially interested in:
- How to enforce ECC-compliant MFA in legacy environments
- Options for offline access, biometric authentication, and mobile OTP
- Managing privileged access in hybrid and cloud setups
- Handling certificate lifecycle and smart cards at scale
How to avoid rushed audits and meet ECC requirements with less effort
Meeting the requirements of 110 NCA ECC controls can seem overwhelming. Knowing where to start is usually the most difficult part. That is why our team suggests a structured approach to the NCA ECC preparation.
The list of cybersecurity tools to cover all controls can be endless and the costs – virtually infinite. It is wise to follow the philosophy of doing more with less – using the maximum of the tools that are mandatory by NCA ECC to achieve the widest coverage. In the webinar, we showed how Axidian cybersecurity solutions help address not only the identity security-related controls, but many more.
Missed the session?
Watch the webinar recording to hear the full discussion, our client’s success story, and answers to audience questions.