Cyber Security Framework - Maturity Level 4 Requirements

No: 298140000067 Date(g): 17/1/2019 | Date(h): 11/5/1440

Translated Document

Further to SAMA's instructions issued by Circular No. 381000091275 dated 28/8/1438 H regarding the Cyber Security Framework and Maturity Level 3.

We inform you that, based on SAMA's powers to enhance cybersecurity in the financial sector and to raise the level of maturity in facing cyber challenges and managing them in a professional and advanced manner, it has been decided that banks shall do the following:

1- Develop a Roadmap to achieve all the requirements of Maturity Level 4 by the end of the third quarter of 2020G, for all the requirements of the following subdomains in the Information Security Organizational Guide:

  3.3.14- Cyber Security Event Management
  3.3.15- Cyber Security Incident Management
  3.3.16- Threat Management
  3.3.17- Vulnerability Management
2- Provide the necessary support to the Information Security Management, supplying it with qualified national personnel, technical tools, and appropriate training to perform its role to the fullest extent.
3- Present the business plan (Roadmap) as mentioned in paragraphs (1) and (2) to the Board of Directors and obtain approval for the plan and the necessary support.
4- Provide SAMA (Financial Sector IT Risk Supervision Department) with the following:

  a- The Board-approved plan by the end of the first quarter of 2019G.
  b- Quarterly reports starting from the end of the second quarter of 2019G, showing the stages of fulfillment of SAMA's requirements in this regard until they are completed.
  c- A detailed annual report by the bank's internal audit department indicating the extent of compliance with the requirements of the Regulatory Guide compared to the required maturity level, according to the tool to be determined by SAMA.

The Central Bank will also conduct field visits to verify compliance with these instructions.