Picus Security Offers Guide to Saudi Cybersecurity Compliance

Picus Security has published a practical guide aimed at helping organizations comply with Saudi Arabia's National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) and Critical Systems Cybersecurity Controls (CSCC).

The NCA, established in 2017, oversees national cybersecurity policy and regulation. It mandates specific security controls for government entities, critical infrastructure operators, and organizations impacting national security. The ECC framework sets baseline requirements, while the CSCC extends these for operators of critical systems, such as those in the energy and water sectors.

Picus addresses the NCA's demand for periodic review and proof of control effectiveness through its platform. Utilizing "Adversarial Exposure Validation" (AEV), which combines automated breach and attack simulation with autonomous penetration testing, the system verifies that security controls actively block and detect known threats and attack paths.

The platform enables organizations to provide evidence of compliance, including test results and remediation guidance. Picus's "Threat Library" and "Mitigation Library" offer continuously updated information on threats and countermeasures, mapped to the MITRE ATT&CK framework. This assists organizations in Saudi Arabia to meet NCA requirements and demonstrate the functionality of their security controls.