Version: 1.0.0-beta

NCA ECC Compliance

AIIA includes a built-in framework for the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) — a mandatory cybersecurity framework for Saudi government and critical infrastructure organizations.

Compliance Frameworks

Framework Details

Property	Value
Code	`ECC-2:2024`
Name	Essential Cybersecurity Controls
Issuing Body	NCA (National Cybersecurity Authority)
Country	Saudi Arabia
Category	Regulatory
Status	Active

Framework Structure

The NCA ECC is organized into domains and sub-controls:

Domain	Description
Cybersecurity Governance	Policies, procedures, roles, responsibilities
Cybersecurity Defense	Technical controls, monitoring, incident response
Cybersecurity Resilience	Business continuity, disaster recovery
Third-Party Cybersecurity	Vendor management, supply chain security
Industrial Control Systems (ICS)	OT/SCADA-specific controls

Using NCA ECC in AIIA

Step 1 — Enable the Framework

Navigate to Compliance → Frameworks
Find NCA ECC in the list
Click Enable to activate for your organization

Step 2 — Map Controls

Map your organization's controls to NCA ECC requirements:

Open a requirement
Click Map Control
Select from your Control Library or create a new control
Set the compliance status

Step 3 — Assess Compliance

For each requirement:

Set implementation status (Implemented / Partially / Not Implemented / N/A)
Link evidence proving implementation
Add assessment notes
Set a target date for incomplete items

Step 4 — Track Progress

The compliance dashboard shows:

Overall compliance percentage
Domain-by-domain breakdown
Gap analysis with remediation priorities
Trend over time

Cross-Framework Mapping

NCA ECC requirements can be mapped to other frameworks:

ISO 27001 → identify shared controls
NIST CSF → cross-reference control categories
Custom frameworks → organization-specific mappings

This reduces duplicate compliance effort through shared control evidence.

Bilingual Support

NCA ECC requirements are available in both English and Arabic (name_ar, description_ar), supporting bilingual compliance management.

Framework Details​

Framework Structure​

Using NCA ECC in AIIA​

Step 1 — Enable the Framework​

Step 2 — Map Controls​

Step 3 — Assess Compliance​

Step 4 — Track Progress​

Cross-Framework Mapping​

Bilingual Support​