🇸🇦 Live Transportation

NCA Critical Systems Cybersecurity Controls (CSCC-1:2019)

NCA cybersecurity controls for critical national infrastructure covering industrial control systems and operational technology security. Applies to operators of critical systems in Saudi Arabia.

21

Rules extracted

105

Obligations decomposed

5.0x

Avg obligations per rule

🇸🇦 Saudi Arabia

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

21

Rules

Decomposed

105

Obligations

5.0x

Decomposition ratio

Each rule is decomposed into an average of 5.0 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 105 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in CSCC-1:2019 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
NCA Critical Systems Cybersecurity Controls (CSCC-1:2019)
Regulatory body
National Cybersecurity Authority
Jurisdiction
🇸🇦 Saudi Arabia
Document type
regulation
Effective date
January 1, 2019
Industry
Transportation

Who this applies to

government organizationsprivate sector entities with critical systemscritical national infrastructure operators

Key requirements

  • 4 main domains
  • 21 subdomains
  • 32 main controls
  • 73 subcontrols
  • critical systems protection
  • access restrictions
  • network isolation
  • disaster recovery

Frequently asked questions about CSCC-1:2019

What is CSCC-1:2019?
NCA cybersecurity controls for critical national infrastructure covering industrial control systems and operational technology security. Applies to operators of critical systems in Saudi Arabia.

Who does CSCC-1:2019 apply to?
CSCC-1:2019 applies to government organizations, private sector entities with critical systems, critical national infrastructure operators.

How many obligations does CSCC-1:2019 contain?
AuditDSS has decomposed CSCC-1:2019 into 105 atomic obligations from 21 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of CSCC-1:2019?
The key requirements include: 4 main domains, 21 subdomains, 32 main controls, 73 subcontrols, critical systems protection, access restrictions, network isolation, disaster recovery.

How can I assess my CSCC-1:2019 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 105 CSCC-1:2019 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces CSCC-1:2019?
CSCC-1:2019 is enforced in Saudi Arabia by National Cybersecurity Authority.

When did CSCC-1:2019 come into effect?
CSCC-1:2019 became effective on January 1, 2019.

What industry does CSCC-1:2019 apply to?
CSCC-1:2019 is primarily relevant to the Transportation industry. AuditDSS covers 64 regulations in this industry sector.

Build a CSCC-1:2019 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for CSCC-1:2019 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering CSCC-1:2019 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine CSCC-1:2019 with other regulations into a single unified compliance pack for your business.

Build CSCC-1:2019 compliance pack

Already have a policy? Assess it against CSCC-1:2019

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 105 obligations

Your document is scored against every obligation in CSCC-1:2019. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Transportation

🇦🇺 Live

CASR 1998

10 rules, 97 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

EPBC Act

16 rules, 153 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

NGER Act 2007

18 rules, 121 obligations
🇦🇺 Live

HVNL

10 rules, 88 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations

Assess your CSCC-1:2019 compliance

Upload your document and get a risk-scored gap analysis against 105 CSCC-1:2019 obligations in under 5 minutes.

Start assessment Browse all regulations