- Home
- Vision and Mission
About NCA
About NCA
The National Cybersecurity Authority (NCA) was established in 2017 by The Royal Order that links it directly to His Majesty, King Salman bin Abdulaziz Al Saud, to be the national authority in charge of cybersecurity in the Kingdom, and the national reference in all its affairs.
NCA aims at strengthening cybersecurity to safeguard the State’s vital interests, national security, critical infrastructures, priority sectors, and government services and activities. However, without prejudice to the NCA’s powers and duties provided for in its statute, public and private entities and any other entity shall not be relieved from their responsibility towards their own cybersecurity.
NCA’s statute defines cybersecurity as "The protection of networks, information technology systems, and operational technology systems, including hardware and software, services provided thereby, and data included therein, against hacking, disruption, modification, unauthorized access, and unlawful exploitation or use. Cybersecurity includes information security, electronic security, digital security, and the like”.
Vision: A resilient, secure, and trusted Saudi cyberspace that enables growth and prosperity. | Mission: To strengthen cybersecurity in the Kingdom to mitigate risks, boost trust, and enable growth. |
Values :
|
|
||||
|
|
NCA’s Powers and Duties
Drafting the national strategy for cybersecurity, supervising its implementation, and proposing updates thereto. |
||
Setting cybersecurity policies, governance rules, frameworks, rules, standards, and directives; communicating the same to relevant agencies; monitoring compliance therewith; and updating them. |
||
Identifying and classifying critical infrastructures as well as the agencies related thereto, and identifying priority sectors. |
||
|
Setting and updating framework for cybersecurity risk management and monitoring compliance therewith. | |
|
Notifying relevant agencies of cybersecurity risks and threats. | |
|
Setting and updating frameworks for responding to cybersecurity incidents and monitoring compliance therewith. |
|
|
Establishing, supervising, and operating national cybersecurity operation centers, and the like, including centers for control, surveillance, monitoring, exchange, and information analysis; sectoral cybersecurity operation centers, as necessary; and relevant platforms. | |
|
Conducting, on its own or through others, cybersecurity activities and operations. |
|
|
Regulating and supervising the sharing of cybersecurity-related information and data between various agencies and sectors in the Kingdom. | |
|
Providing support to relevant agencies, upon request and in accordance with the NCA’s available resources, during the investigation of cybersecurity crimes. |
|
|
Setting and updating national encryption policies and standards and monitoring compliance therewith. |
|
|
Setting and updating standards for licensing the import, export, and use of highly sensitive cybersecurity hardware and software specified by the NCA and monitoring compliance therewith, without prejudice to the standards or requirements of other relevant agencies. | |
|
Building national capacities in cybersecurity, participating in the preparation of educational and training programs, setting professional standards and frameworks, and developing and implementing relevant professional standardized tests and measurements. | |
|
Licensing individuals and non-government agencies to engage in cybersecurity activities and operations specified by the NCA. |
|
|
Establishing ties with counterpart agencies abroad and private entities to exchange expertise and establish frameworks for cooperation and partnership, in accordance with applicable procedures. | |
|
Exchanging technological and informational production as well as data and information with counterpart agencies aboard. | |
|
Representing the Kingdom in relevant regional and international organizations, agencies, and bilateral committees and groups as well as monitoring the Kingdom’s compliance with its international cybersecurity obligations. | |
|
Raising awareness on cybersecurity. |
|
|
Stimulating the growth of the cybersecurity sector in the Kingdom and encouraging innovation and investment therein. |
|
|
Conducting research and development studies, carrying out manufacturing processes, and transferring and developing technology in cybersecurity and related fields. |
|
|
Proposing mechanisms to optimize spending pertaining to cybersecurity. |
|
|
Developing key performance indicators relating to cybersecurity and preparing periodic reports on the state of cybersecurity in the Kingdom at the national and sectoral levels. |
|
|
Proposing cybersecurity laws, regulations, and decisions as well as amendments. |
|