Data Cybersecurity Controls


Data Cybersecurity Controls

Type of regulatory document: Policies and controls

In continuation of its role in regulating and protecting the Kingdom's cyberspace, NCA has issued the Data Cybersecurity Controls (DCC-1:2022). These controls have been developed after conducting a comprehensive study of multiple national and international cybersecurity standards, frameworks and controls, studying related laws and regulations, reviewing cybersecurity best practices and analyzing cybersecurity risks, threats, previous incidents and attacks at the national level.


The document aims to contribute to raising the cybersecurity maturity at a national level by setting the minimum cybersecurity requirements to enable organizations to protect their data during its entire data lifecycle.  This document highlights the details of the Data Cybersecurity Controls (DCC), objectives, scope of work, compliance and monitoring. These controls are an extension to the Essential Cybersecurity Controls (ECC).


Data Cybersecurity Controls (DCC)

DCC-1:2022 Assessment and Compliance Tool