Understanding NESA Compliance For UAE Cybersecurity Law
NESA, the abbreviation of National Electronic Security Authority, in the United Arab Emirates (UAE) is the federal body which takes care of the growth in Cyber Security in the UAE region.
With cyber awareness and building a secure culture around information technology, NESA has UAE Information Assurance Standards (UAE IAS) which comes with several strategies, policies, and standards to directly fall in line with Cyber Security compliance in the United Arab Emirates.
Adherence to NESA standard, as described in the UAE IA Standards, is mandatory for government and semi-government firms, and business organizations which are recognized as ‘critical infrastructure’ in the UAE.
NESA Compliance - We Talk About
What is UAE IAS?
NESA is responsible for security culture in the UAE. This gains immense strength in the security of UAE’s critical data information (CII) with the UAE Information Assurance Standards (UAE IAS), which is a set of standards and policies guidelines.
NESA UAE Compliance Objectives
When was NESA regulation formed?
NESA Compliance - A snapshot
The scope of SAMA (Saudi Arabian Monetary Authority) regulation is vast and covers a wide range of financial activities and institutions operating in Saudi Arabia.
SAMA is responsible for regulating and supervising the entire financial system in Saudi Arabia, including banks, insurance companies, exchange houses, financial intermediaries, and other financial institutions.
The scope of SAMA regulation covers various areas such as monetary policy, financial stability, consumer protection, and financial market development.
SAMA also sets rules and regulations for payment systems, credit card operations, electronic banking, and other financial services offered by institutions operating within Saudi Arabia.
In addition, SAMA is responsible for ensuring that financial institutions operating in Saudi Arabia comply with international standards, such as Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) policies and procedures.
Some common SAMA Compliance requirements that financial institutions must adhere to include:
- Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) policies and procedures to detect, prevent, and report suspicious activities.
- Know Your Customer (KYC) policies to verify the identities of customers and prevent fraud.
- Regular reporting and disclosure of financial information to SAMA.
- Maintaining adequate records and documentation to support compliance efforts.
- Regular training of employees to ensure they are aware of the latest SAMA regulations and compliance requirements.
Find the Right SEMA Compliance & Audit Consultant Fast
Get matched for free with top NESA compliance Expert for Audit Assistance, readiness & implementation strategy; fitting your budget & timeline.
NESA Controls List
How to meet NESA compliance requirements?
The UAE-NESA standards have 188 security controls– grouped under management level and Technical security level controls. 60 are related to management and the other 128 are technical.
The NESA security controls are based on 24 types of threats and have been given the corresponding priority level according to the volume of data breaches certain type of attack caused.
NESA UAE families of management controls and technical controls
|NESA Management Control Family||Controls||NESA Technical Control Family||Controls|
|M1: Strategy and Planning||15||T1: Asset management||10|
|M2: Information Security Risk Management||11||T2: Physical & environmental security||16|
|M3: Awareness and Training||8||T3: Operations management||17|
|M4: Human Resource Security||8||T4: Communications||15|
|M5: Compliance||13||T5: Access control||22|
|M6: Performance Evaluation & Improvement||5||T6: 3rd-party security||6|
|T7: Information systems acquisition, development and maintenance||25|
|T8: Information security incident management||13|
|T9: Information security continuity management||4|
These controls are further categorized on the basis of a 4-tier layered approach – basically on the basis of Priority.
P1 (Priority 1) being the highest and P4 is, as guessed, the lowest.
NESA Controls Priority LevelsNESA Controls have one of four priorities levels. 39 controls, out of 188, are Priority 1 controls which contribute in 20% of security threats. Moreover, based on a tiered approach, Priority 1 controls are mandatory to be applied whereas none of the technical controls are “always applicable”.
NESA’s Audit & Compliance Process
NESA Compliance Consulting, Audit & Implementation
SAMA Compliance Audit service typically involves an audit of financial institutions' cybersecurity systems and processes to ensure compliance with the SAMA Cybersecurity Framework. We may assess the financial institution's cybersecurity posture and identify gaps, weaknesses, and areas for improvement. Based on the audit findings, we may offer recommendations and remediation plans to help institution achieve compliance with the SAMA Cybersecurity Framework to ensure they are adequately protected against cyber threats and are in compliance with SAMA's regulations.
Find the Right NESA Consultant Fast
Get in touch with top NESA Consultant that fit your budget & timeline