NCA ECC, continuous and on-premises.
CISGuard automates Saudi National Cybersecurity Authority Essential Cybersecurity Controls (ECC-1:2018) through continuous CIS benchmark scanning, with on-premises and air-gapped deployment that satisfies KSA data-residency expectations.
NCA ECC at a glance, for fast retrieval.
Atomic factual claims auditors and search engines can cite verbatim.
- Source standard: NCA ECC-1:2018 (Essential Cybersecurity Controls)
- Total ECC controls: 114 across 5 main domains
- Controls CISGuard automates: Primarily Domain 2 (Cybersecurity Defense)
- Data residency: On-premises KSA / Azure Saudi Arabia Central
- Air-gapped option: Yes, for sensitive government deployments
- SAMA Cybersecurity Framework: Adjacent; CISGuard supports financial sector requirements
What is NCA ECC?
The Saudi National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC-1:2018, updated 2023) are mandatory for government entities, national infrastructure operators, and entities handling Saudi citizen or sovereign data. ECC organizes 114 controls across 5 main domains: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, Third-Party Cybersecurity, and Industrial Control Systems. The Cybersecurity Defense domain (the most technical and the easiest to fail) includes the configuration hardening, access control, and continuous monitoring requirements CISGuard automates. NCA also expects compliance evidence to be maintained on Saudi infrastructure.
ECC Domain 2 controls CISGuard automates.
Each CIS control is tagged with its corresponding framework reference. A single scan produces per-framework coverage reports.
- 2-1 Asset Management
  - Controls: Asset inventory, classification, secure config baselines
  - Mapped by: Continuous CIS benchmark scanning per asset
- 2-2 Identity & Access Management
  - Controls: Authentication, authorization, privileged access
  - Mapped by: CIS Account + Password + MFA benchmarks
- 2-3 Information System Protection
  - Controls: Hardening, patching, anti-malware, endpoint protection
  - Mapped by: Full CIS benchmark coverage Win/Linux/cloud
- 2-4 Mobile Devices Security
  - Controls: Mobile endpoint controls
  - Mapped by: CIS Mobile + Browser hardening benchmarks
- 2-5 Data and Information Protection
  - Controls: Encryption at rest and in transit
  - Mapped by: CIS Cryptography benchmarks
- 2-10 Cybersecurity Event Logs and Monitoring
  - Controls: Audit logging, log aggregation, monitoring
  - Mapped by: CIS Audit Policy + SIEM integration
- 2-11 Cybersecurity Incident and Threat Management
  - Controls: Detection and response
  - Mapped by: Drift detection + SIEM alerting
How CISGuard automates NCA ECC evidence.
Saudi NCA ECC compliance audits commonly identify gaps in Domain 2 (Cybersecurity Defense), specifically asset hardening (2-1), system protection (2-3), and event logging (2-10). These are the most labour-intensive controls to evidence manually. CISGuard automates all three through continuous CIS benchmark scanning and audit-policy coverage. On-premises deployment in Saudi data centres (or Azure Saudi Arabia Central) keeps all scan data within KSA jurisdiction. For high-classification government environments, air-gapped deployment is fully supported. Evidence reports map directly to ECC sub-controls in the format Saudi auditors accept.
Evidence artifacts CISGuard generates.
Auditor-grade outputs in PDF/CSV. No spreadsheets, no screenshots, no manual cross-referencing.
- NCA ECC-1:2018 Framework Coverage Report mapping CIS controls to specific ECC sub-controls
- Domain 2 (Cybersecurity Defense) per-control satisfaction status
- Continuous monitoring posture history satisfying 2-10 logging requirements
- Per-asset hardening evidence for asset management (2-1) audit
- SIEM-integrated event logs for 2-10 and 2-11
- Exception register documenting accepted risk with NCA-aligned approval workflow
GCC Healthcare Group: NCA ECC + ADHICS + ISO 27001 in 3 Countries
NCA ECC questions, answered directly.
Which NCA ECC controls does CISGuard automate?
CISGuard primarily automates Domain 2 (Cybersecurity Defense): the technical control domain covering asset management (2-1), identity (2-2), system protection (2-3), data protection (2-5), event logging (2-10), and incident management (2-11). Governance (Domain 1), Resilience (Domain 3), and Third-Party (Domain 4) controls are process-oriented and require policy evidence rather than technical scanning.
Can CISGuard be deployed inside Saudi Arabia for ECC compliance?
Yes. CISGuard deploys on-premises in Saudi data centres or inside Azure Saudi Arabia Central. For sensitive government environments, fully air-gapped deployment is supported with installer delivery via secure media. All scan data remains within Saudi jurisdiction, satisfying NCA data-residency expectations.
Does CISGuard handle the SAMA Cybersecurity Framework alongside NCA ECC?
Yes. The Saudi Arabian Monetary Authority (SAMA) Cybersecurity Framework applies to financial entities and overlaps significantly with NCA ECC Domain 2. CISGuard's NIST 800-53 mapping provides the underlying control coverage both frameworks require. Tier-1 banks use a single deployment for both audits.
How does CISGuard support NCA continuous monitoring requirements?
NCA ECC requires "continuous monitoring of cybersecurity controls" (sub-control 2-10). CISGuard runs scheduled scans every 4-24 hours per asset, compares each against the previous baseline, and forwards events to SIEM via Syslog/CEF/JSON. The historical posture trend provides the continuous evidence NCA auditors expect.
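The baseline comparison and CEF forwarding described in this answer, together with the per-framework tagging of CIS checks described earlier, can be sketched as follows. This is an added illustration, not CISGuard's code: the check IDs, the ECC tags assigned to them, the vendor/product strings and the scan results are all constructed assumptions.

```python
# Constructed sample data: check IDs, ECC tags and results are illustrative
# assumptions, not CISGuard's schema or an official CIS-to-ECC mapping.
ECC_TAGS = {"cis-audit-logon-events": "2-10",
            "cis-password-min-length": "2-2",
            "cis-smbv1-disabled": "2-3"}
BASELINE = {"cis-audit-logon-events": "pass", "cis-password-min-length": "pass",
            "cis-smbv1-disabled": "fail"}
CURRENT = {"cis-audit-logon-events": "fail", "cis-password-min-length": "pass",
           "cis-smbv1-disabled": "pass"}

def diff_scans(baseline, current):
    """Return (check, old, new) for each changed result; absent checks count as 'missing'."""
    drift = []
    for check in sorted(set(baseline) | set(current)):
        old = baseline.get(check, "missing")
        new = current.get(check, "missing")
        if old != new:
            drift.append((check, old, new))
    return drift

def _hdr(value):  # CEF header fields: escape backslash and pipe
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):  # CEF extension values: escape backslash and '=', flatten newlines
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", " ").replace("\n", " "))

def to_cef(asset, check, old, new):
    """Format one drift event as a CEF line tagged with its ECC sub-control."""
    severity = 3 if new == "pass" else 7  # regressions rank above remediations
    ext = {"dhost": asset,
           "cs1Label": "eccControl", "cs1": ECC_TAGS.get(check, "unmapped"),
           "cs2Label": "previousResult", "cs2": old,
           "cs3Label": "currentResult", "cs3": new}
    header = "|".join(["CEF:0", "ExampleVendor", "ExampleScanner", "1.0",
                       _hdr(check), "Configuration drift", str(severity)])
    return header + "|" + " ".join(f"{k}={_ext(v)}" for k, v in ext.items())

def coverage(current):
    """Per-ECC-tag (passed, total) counts from a single scan."""
    out = {}
    for check, result in current.items():
        tag = ECC_TAGS.get(check, "unmapped")
        passed, total = out.get(tag, (0, 0))
        out[tag] = (passed + (result == "pass"), total + 1)
    return out

if __name__ == "__main__":
    for d in diff_scans(BASELINE, CURRENT):
        print(to_cef("srv-01.example", *d))
```

A check that disappears between scans is reported as drift rather than silently dropped, so a removed audit setting still reaches the SIEM.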
Can CISGuard evidence be presented in Arabic for NCA submissions?
CISGuard reports are generated in English. For NCA submissions requiring Arabic-language artifacts, customers typically use the CSV exports as data sources for Arabic-language executive summaries. The technical evidence (control IDs, configuration values) is universally accepted in English by NCA auditors.
Continue exploring CISGuard coverage.
ADHICS
CISGuard automates the technical security controls Abu Dhabi healthcare entities must implement under ADHICS, with on-premises deployment ensuring patient health information stays within UAE jurisdiction.
UAE PDPL
CISGuard satisfies UAE Personal Data Protection Law technical and organisational measure requirements with on-premises and air-gapped deployment that keeps personal data within UAE territorial jurisdiction.
ISO 27001
CISGuard maps 36 ISO/IEC 27001:2022 Annex A controls to CIS benchmark scans, automating the technical evidence that certification audits demand and continuous-monitoring requirements imply.
NIST 800-53
CISGuard automates 50 NIST 800-53 Rev. 5 controls across 20 control families directly from CIS benchmark scans, the foundation for FedRAMP, FISMA, CMMC, and federal compliance programs.
Ready for NCA ECC readiness?
Our compliance engineers have helped organizations achieve regulatory readiness in as little as one business day.