Critical Systems Cybersecurity Controls

The National Cybersecurity Authority “NCA” has developed the Critical Systems Cybersecurity Controls (CSCC – 1: 2019), as an extension and a complement to the Essential Cybersecurity Controls (ECC), to fit the cybersecurity needs for national critical systems. The Critical Systems Cybersecurity Controls consist of 32 main controls and 73 subcontrols, divided into four main domains:
  • Cybersecurity Governance
  • Cybersecurity Defense
  • Cybersecurity Resilience
  • Third-party and Cloud Computing Cybersecurity

The Critical Systems Cybersecurity Controls are mandatory to the systems deemed critical -as per the critical systems criteria- by the organization who own or operate these systems,  where all organizations, within the scope of these controls must implement whatever necessary to ensure continuous compliance with the controls.