Arabic System House

Cloud Cybersecurity Controls

The National Cybersecurity Authority “NCA” has developed the Cloud Cybersecurity Controls (CCC – 1: 2020) as an extension and a complement to Essential Cybersecurity Controls (ECC – 1: 2018). The CCC aims to set cybersecurity requirements for cloud computing from the perspective of Cloud Service Providers (CSPs) and Cloud Service Tenants (CSTs); to meet the security needs and raise the CSPs’ and the CSTs’ preparedness towards reducing cybersecurity risks on all cloud computing services. The Cloud Cybersecurity Controls consist of 37 main controls and 96 subcontrols for CSPs, and 18 main controls and 26 subcontrols for CSTs, divided into four main domains:
  • Cybersecurity Governance
  • Cybersecurity Defense
  • Cybersecurity Resilience
  • Third-party Cybersecurity

The Cloud Cybersecurity Controls are mandatory where all CSPs and CSTs (mandated to comply with these controls within the scope of work) must implement whatever necessary to ensure continuous compliance with the controls.