NCA ECC / OTCC Overview

Last updated: March 29, 2024

The government in Saudi Arabia established the National Cybersecurity Authority (NCA) to create the Operational Technology Cybersecurity Controls (OTCC) which help fulfill the cybersecurity needs related to the development of national cybersecurity policies, governance mechanisms, frameworks, standards, controls, and guidelines. There are four main domains within the OTCC: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, and Third-Party Cybersecurity. Tenable assists organizations to proactively monitor the network to discover vulnerabilities in their environment and provide a high-level overview of an organization's vulnerability management program.

This Cyber Exposure Study provides guidance through the following primary sub-domains of the NCA OTCC:

• 1-3: Cybersecurity Risk Management

• 2-1: Asset Management

• 2-2: Identity and Access Management

• 2-9: Vulnerabilities Management

• 2-10: Penetration Testing

• 2-12: Cybersecurity Incident and Threat Management