National Cybersecurity Authority (NCA) is the primary government entity responsible for overseeing and operating cybersecurity in the Kingdom of Saudi Arabia. It collaborates closely with public and private entities to enhance the Kingdom's cybersecurity posture to safeguard its critical interests, national security, key infrastructure, high-priority sectors, government services, and activities consistent with Vision 2030.
Communications, Space and Technology Commission (CST): The organization is responsible for organizing the communications and information technology sector in the Kingdom of Saudi Arabia, and overseeing the standardization of ICT regulations. It provides licenses to Communications and Information Technology Organization, regulates the industry, and monitors internet usage within the country. The CST was formerly known as the Communications and Information Technology Commission (CITC). On November 10, 2022, the CITC was officially renamed the CST.
To standardize the use of information technologies and consolidate and improve national cyber security, the National Cybersecurity Authority (NCA) and the Communications, Space and Technology Commission (CST) of Saudi Arabia have released a series of cyber security regulations:
- Essential Cybersecurity Controls (ECC): Basic cybersecurity standards on the Critical National Infrastructures (CNI) of organizations and government departments in the Kingdom of Saudi Arabia.
- Cloud Cybersecurity Controls (CCC): Supplement and are extensions of ECC. CCC outlines cloud computing cyber security requirements from the perspectives of cloud service providers and cloud service tenants to improve security and reduce cyber risks for all services and users.
- Cybersecurity Regulatory Framework (CRF) was released to improve cybersecurity maturity for the information and telecommunications (ICT) sector. Under CRF, cybersecurity risks must be managed in accordance with international best practices and local cybersecurity regulations. LSPs must follow CRF to meet minimum security requirements. The Huawei Cloud white paper, Huawei Cloud Compliance with Cybersecurity in Saudi Arabia, describes how Huawei Cloud can help you meet cybersecurity regulatory requirements in Saudi Arabia.
Huawei Cloud Riyadh region has been registered as a Class C Cloud Service Provider with Communications, Space and Technology Commission (CST) in the Kingdom of Saudi Arabia. The qualification is based on an assessment by the National Cybersecurity Authority (NCA) against the NCA’s Essential Cybersecurity Controls (ECC) and the Cloud Cybersecurity Controls (CCC).