Meet the NCA ECC Requirements

Axidian solution based on 3 products helps organizations in Saudi Arabia comply with NCA ECC controls.

BOOK A DEMO
nca-ecc-complaence-pic

What is NCA ECC

As part of the Vision 2030 program, the National Cybersecurity Authority (NCA) of the Kingdom of Saudi Arabia has issued several regulatory frameworks aimed at enhancing cybersecurity. The NCA Essential Cybersecurity Controls set the minimum cybersecurity requirements and best practices for national organizations.

The current version of the regulation — NCA ECC-2:2024 — consists of 110 controls across 4 cybersecurity domains:

  • Cybersecurity Governance
  • Cybersecurity Defense
  • Cybersecurity Resilience
  • Third-Party and Cloud Computing Cybersecurity

These cybersecurity controls are linked to related national and international law and regulatory requirements.

Who must comply

The NCA ECC applies to a wide range of entities operating in the Kingdom of Saudi Arabia, including:

  • Government bodies, such as ministries, authorities, and affiliated entities.
  • Private-sector organizations that own, operate, or host Critical National Infrastructure (CNI) assets.
  • Companies and entities under government ownership or control.

Compliance is mandatory for these entities to ensure the protection of national digital assets and the resilience of the Kingdom’s critical services.

Why it is important

In case of non-compliance organization may face not only increased cybersecurity risks, gaps and reputational damage, but also some potential penalties, such as:

  • Administrative sanctions (restrictions of operations, suspension of services or loss of certification)
  • Financial penalties
  • Contractual complications (blacklisting from major projects and tenders)
  • Cyber incident liability
  • Criminal liability (in grave cases)

NCA ECC Compliance with Axidian Solutions

According to NCA ECC-2:2024 cybersecurity requirements for identity and access management (2-2-3) and for cryptography (2-8-3), it is mandatory that organizations implement such solutions as Axidian Privilege, Axidian Access and Axidian CertiFlow to secure their digital identities, access and cryptographic keys.

nca-ecc-am

With Axidian Access

  • Introduce Multi-Factor Authentication (MFA) for local and remote logins
  • Implement Role-based access control (RBAC)
  • Enforce the Least Privilege principle
  • Apply granular access settings based on user location, responsibilities and permissions
  • Review and update permissions regularly to reflect actual responsibilities
BOOK A DEMO

With Axidian Privilege

  • Implement two-factor authentication for privileged sessions
  • Control privileged activities, record sessions (video, screenshots, text logs)
  • Enforce the Least Privilege principle
  • Keep passwords and credentials hidden from users
  • Review and update permissions regularly to reflect actual responsibilities
BOOK A DEMO
nca-ecc-pam
nca-ecc-cm

With Axidian CertiFlow

  • Automate the issuance of personal digital certificates and their deployment on cryptographic tokens
  • Monitor any certificates used in the company
  • Track expiration of smart cards and USB tokens and revoke digital certificates automatically
  • Store and distribute PIN policies centrally
BOOK A DEMO

Additional coverage

Besides the controls above that require identity security solutions, Axidian can help you achieve a wider coverage and enhance compliance to more NCA ECC controls which are related to policies, procedures, incident investigation, threat management, business continuity, securing third-party access, and more. For more detail, download our NCA ECC compliance guide, which includes the Axidian solution mapping to the Controls.

DOWNLOAD GUIDE
nca-ecc-pam

Book a Demo

Experience why organizations globally trust Axidian to strengthen their identity and access security.

Click the button below, leave your contact information, and our team will reach out to you promptly to arrange a personal product demo based on your security needs.

BOOK A DEMO
book-a-demo-image