Saudi NCA ECC-2:2024

Cybersecurity Government

Saudi Arabia's National Cybersecurity Authority published the Essential Cybersecurity Controls (ECC-2:2024) to establish a minimum cybersecurity baseline for organizations across the Kingdom. This assessment maps your security posture against the ECC's four domains — Governance, Defence, Resilience, and Third-Party/Cloud — spanning 60 controls and their sub-controls. It addresses the specific requirements for government entities, critical infrastructure operators, and organizations supporting national interests, including ICS/OT environments, cloud services, and web applications.

Domains

Questions

~33 min

Estimated Time

What You'll Be Assessed On

Scope & Applicability Applicability Check

3 questions

Cybersecurity Strategy & Management (1-1, 1-2)

3 questions

Policies, Roles & Compliance (1-3, 1-4, 1-5)

3 questions

Risk Management & Audit (1-6, 1-7, 1-8)

3 questions

Awareness & Training (1-9, 1-10)

2 questions

Asset Management & IAM (2-1, 2-2, 2-3)

2 questions

Network, Email & Infrastructure Security (2-4, 2-5, 2-6, 2-7)

4 questions

System Hardening, Patching & Endpoint Security (2-8, 2-9, 2-10, 2-11)

3 questions

Monitoring, Logging & Incident Management (2-12, 2-13, 2-14, 2-15)

3 questions

Physical Security & Change Management (2-16, 2-17)

2 questions

Cybersecurity Resilience (3-1)

2 questions

Third-Party & Supply Chain Security (4-1, 4-2)

3 questions

Step-by-Step

Answer questions one domain at a time with progress tracking.

Instant Scoring

Get a weighted maturity score and per-domain breakdown immediately.

Actionable Roadmap

Receive a phased remediation plan tailored to your results.

Takes approximately 33 minutes to complete.