Data Cybersecurity Controls
| Date(g): 31/1/2023 | Date(h): 10/7/1444 | Status: In-Force |
Translated Document
Referring to the Cyber Security Framework issued by SAMA, which mandates financial institutions to establish a mechanism for implementing the relevant regulatory guidelines and standards criteria issued by national and international entities, and to comply with their application according to the following scope guidelines:
We would like to inform you that the National Cybersecurity Authority has issued Data Cybersecurity Controls (1:2022-DCC), which extend and complement the fundamental cybersecurity controls. Financial institutions are required to comply with the provisions outlined in these controls as follows:
| First: | Implement measures to ensure ongoing and continuous compliance with these controls. |
| Second: | Conduct a self-assessment of the current status of the financial institution using the assessment and compliance tool. |
| Third: | Complete implementation of the controls by no later than the end of September 2023. |
SAMA also emphasizes the necessity of adhering to the aforementioned instructions according to the specified timeline, along with the urgent need to assess and manage cybersecurity risks to address potential threats. For any inquiries, please contact the General Department of Cyber Risk Supervision at the email address.