National Cybersecurity Authority Announces Licensed Managed Security Operations Center (MSOC) Providers for Tier1
16 March 2025
The National Cybersecurity Authority (NCA) has announced the companies that have obtained Tier 1 licenses to provide Managed Security Operations Center (MSOC) services. These licenses allow providers to deliver comprehensive MSOC services to all organizations, including government and private sector organizations that own, operate, or host Critical National Infrastructures (CNIs). This step aligns with the NCA's strategic goals of fostering a robust cybersecurity sector in Saudi Arabia and stimulating investment, ultimately strengthening national cybersecurity and improving services for national organizations.
The NCA issued Tier 1 licenses to «SITE, sirar by stc, Haboob, Cyberani by aramco digital, TCC, and SAMI-AEC». These licenses allow providers to offer MSOC services to the beneficiary organizations in order to strengthen cybersecurity, detect cyber threats, and provide recommendations on how to address them.
The NCA has stated that this licensing phase follows the issuance of the "Regulatory Framework for Licensing Managed Security Operations Center Services" and the issuance of the "National Policy for Managed Security Operations Centers" mandating government and private sector organizations that own, operate, or host CNIs to carry out their Security Operations Center (SOC) work through a Tier 1 licensed MSOC service provider.
The National Cybersecurity Authority (NCA) is the national entity in charge of cybersecurity in the Kingdom of Saudi Arabia and the national reference in all its affairs. The NCA aims to enhance the Kingdom's cybersecurity posture to safeguard its vital interests, national security, critical infrastructure, priority sectors, and government services and activities. The NCA undertakes several key responsibilities, including stimulating the growth of the Kingdom's cybersecurity sector, fostering innovation and investment therein, and licensing individuals and non-governmental entities to conduct cybersecurity-related activities and operations.