About this Framework
The NCA Cloud Cybersecurity Controls (CCC) establish mandatory requirements for Saudi government entities and their cloud service providers. It addresses cloud governance, shared responsibility, data residency, encryption, identity management and cloud-specific incident response. The standard ensures national data in cloud environments remains protected under NCA oversight and Saudi regulatory requirements.
Key Control Domains
Cloud Governance
Cloud Risk Management
Shared Responsibility Model
Data Classification & Protection
Identity & Access Management
Incident Management
Business Continuity
Compliance & Audit
Who Needs This?
- Saudi government entities adopting cloud services
- Cloud service providers (CSPs) serving the Saudi public sector
- Entities operating under CITC or NCA cloud regulation
Compliance Benefits
- Mandatory NCA compliance for cloud workloads
- Clear cloud security accountability framework
- Alignment with Saudi data residency requirements
- Foundation for government cloud procurement eligibility
Official Reference
NCA Official Portal
https://nca.gov.sa
Assessment Details
Share this Assessment
Share this permanent link with your team, clients or auditors.
https://grcopilot.app/frameworks/national-cybersecurity-authority-cloud-cybersecurity-controls-nca-ccc