NCA is responsible for developing cybersecurity policies, oversight mechanisms, frameworks, standards, controls, and guidelines. These are then circulated to relevant national entities for compliance.


NCA uses two measurement tracks to ensure compliance: self-assessment and external evaluation. National entities are required to comply with the regulations and controls issued by NCA.


Commitment based on self-assessment

During the self-assessment process, a national entity evaluates its implementation of controls and shares the results with NCA. Any controls that have not been implemented are catalogued, and the entity is asked to devise a corrective action plan to address identified gaps.


Gaps are continuously monitored, utilizing approaches dependent on the entity's commitment level and sensitivity.


NCA has developed tools to assess and measure compliance with issued control documents. These tools enable national entities to assess how well they apply the controls. NCA asks of entities to frequently conduct these assessments.


The Haseen platform provides a self-compliance assessment tool through its self-assessment process service (Haseen portal 


Commitments based on external evaluation

NCA evaluates, through external assessments, the compliance of entities with prescribed regulations. These assessments are carried out by external auditors. The findings of the auditor are brought under review and, when relevant, corrective plan are prepared and implemented.


These external evaluations help entities enhance their compliance levels.


The Haseen platform provides a link to the external evaluation operations service for all controls.