Issued by the National Cybersecurity Authority. Updated October 2024. Applies to government entities, critical infrastructure, and the private sector across all industries. 786 Cyber maps the 110 controls across all five domains and generates the policies you need to comply.
What is NCA ECC-2:2024?
NCA ECC-2:2024 is Saudi Arabia's national cybersecurity framework issued by the National Cybersecurity Authority (NCA). The framework was updated in October 2024 and applies to government entities, critical infrastructure, and private sector organisations across all sectors.
The framework is organised across five domains and contains 110 controls with a tier-based compliance model — Essential, Advanced, and Minimal.
NCA ECC is part of Saudi Vision 2030's digital transformation strategy. 786 Cyber maps the controls, generates the required policies, and tracks your progress through the tiered compliance journey.
Who needs NCA ECC?
Mandatory across all government bodies and ministries operating in the Kingdom.
Energy, telecoms, water, transport, and other CNI operators.
Applies to the private sector across all industries operating in the Kingdom.
A dedicated domain covers Industrial Control Systems and operational technology environments.
The five domains
786 Cyber maps controls and generates policies across all five — automatically.
Strategy, leadership, and accountability for cybersecurity
Technical and operational controls protecting assets
Continuity, recovery, and incident response capabilities
Supplier and cloud service risk management
Security for OT and ICS environments
"NCA ECC-2:2024 is the operational expression of Saudi Vision 2030's digital agenda. For any organisation operating in the Kingdom, alignment is no longer optional."
How 786 Cyber helps
786 Cyber covers the policy, control, and evidence layers — whatever your audit trajectory.
6-step assessment identifies your NCA ECC gaps, prioritises actions, and produces a clear roadmap — in under 10 minutes.
Information security, risk management, incident response, and third-party risk policies — pre-populated for your organisation.
NCA ECC controls tagged to ISO 27001 and SAMA CSF. One implementation, multiple frameworks.
Visual progress per NCA ECC domain — see exactly where you are and what's outstanding across all 110 controls.
Every control implementation logged automatically. When auditors ask for evidence, it's already compiled.
Run NCA ECC alongside ISO 27001, SAMA CSF, and other GCC frameworks — all from one organisation profile.
Run the Compliance Wizard free — get your personalised NCA ECC roadmap in under 10 minutes. No security expertise needed.