National Cybersecurity Authority Issues Cloud Cybersecurity Controls
The National Cybersecurity Authority (NCA) has issued the Cloud Cybersecurity Controls (CCC -1:2020) document, which aims to reinforce cloud services reliability through providing secure cloud services that contribute to resilience against different cyber threats, which supports business and services continuity.
This comes alongside many of NCA’s efforts, as it is the competent authority to issue, monitor, and update cybersecurity policies and standards in the Kingdom, thereby enhancing the national cyberspace. The document enables defining security requirements for cloud services to meet the security needs and increase the readiness level for all cloud services against cyber risks. This document was developed after studying many cybersecurity standards, frameworks and controls that were developed by national and international organizations and entities, in addition to studying the best cybersecurity international practices and experiences.
The document consists of 37 main controls and 96 subcontrols for cloud service providers, as well as 18 main controls and 26 subcontrols for cloud service tenants, which are divided into 4 main domains. Furthermore, NCA has developed the cybersecurity cloud controls methodology and mapping annex document, which contains the design principles of the cybersecurity cloud controls, relation with other international standards, design methodology, main domains and subdomains structure, and a number of other explanatory sections.
It is worth mentioning that the cybersecurity cloud controls (CCC -1: 2020) are an extension of many controls, standards, and instructions issued by NCA, such as (Essential Cybersecurity Controls and Critical Systems Cybersecurity Controls). NCA works with all the relevant organizations to implement these controls, thus enhancing the Kingdom’s cybersecurity to protect its vital interest, national security, critical infrastructure, high priority sectors and government services and activities.