Essential Cybersecurity Controls

The National Cybersecurity Authority “NCA” has developed the Essential Cybersecurity Controls (ECC – 1: 2018) to set the minimum cybersecurity requirements based on best practices and standards to minimize the cybersecurity risks to the information and technical assets of organizations that originate from internal and external threats. The Essential Cybersecurity Controls consist of 114 main controls, divided into five main domains:
  • Cybersecurity Governance
  • Cybersecurity Defense
  • Cybersecurity Resilience
  • Third-party and Cloud Computing Cybersecurity
  • Industrial Control Systems Cybersecurity 

The Essential Cybersecurity Controls are mandatory where all organizations, within the scope of these controls must implement whatever necessary to ensure continuous compliance with the controls.