Issued by the Saudi Arabian Monetary Authority (Saudi Central Bank). Mandatory for all banks, insurance companies, and fintech platforms operating in the Kingdom. 786 Cyber covers governance, risk, incident response, third-party security, and data privacy — all in one platform.
What is SAMA CSF?
SAMA CSF is the mandatory cybersecurity framework issued by the Saudi Arabian Monetary Authority (Saudi Central Bank) for all regulated financial institutions. It applies to banks, insurance companies, and fintech platforms operating in the Kingdom of Saudi Arabia.
The framework covers cybersecurity governance, risk management, incident response, third-party security, and data privacy. Non-compliance can result in regulatory audits, financial penalties, and reputational damage.
SAMA CSF complements NCA ECC-2:2024 for financial sector organisations. 786 Cyber covers both frameworks from one organisation profile — implement once, comply twice.
Who needs SAMA CSF?
Mandatory for all SAMA-licensed retail, commercial, and investment banks.
All insurers regulated by the Saudi Central Bank fall under SAMA CSF requirements.
Payment service providers, lending platforms, and other regulated fintechs operating in the Kingdom.
Third-party suppliers to SAMA-regulated firms are increasingly required to demonstrate alignment.
The five themes
786 Cyber maps controls and generates policies across all five — automatically.
Board-level accountability and security strategy
Identification and treatment of cyber risks across the institution
Detection, reporting, and recovery from security incidents
Supplier and outsourced service provider risk management
Protection of customer and financial data
"SAMA CSF isn't a framework you can defer. For Saudi-regulated financial entities, it's the operating licence — both literally and reputationally."
How 786 Cyber helps
786 Cyber covers the policy, control, and evidence layers — whatever your audit trajectory.
6-step assessment identifies your SAMA CSF gaps, prioritises actions, and produces a clear roadmap — in under 10 minutes.
Information security, risk management, incident response, third-party risk, and data privacy policies — pre-populated for your organisation.
SAMA controls tagged to NCA ECC-2:2024 and ISO 27001. One implementation, multiple regulators.
Visual progress per SAMA theme — see exactly where you are and what's outstanding.
Every control implementation logged automatically. When SAMA auditors ask for evidence, it's already compiled.
Run SAMA CSF alongside NCA ECC, ISO 27001, and other GCC frameworks — all from one organisation profile.
Run the Compliance Wizard free — get your personalised SAMA CSF roadmap in under 10 minutes. No security expertise needed.