NCA Essential Cybersecurity Controls (ECC-2:2024)

NCA baseline cybersecurity controls covering governance, defence, resilience, and third-party security for national organisations. Applies to government and critical private sector entities in Saudi Arabia.

  • Rules extracted: 28
  • Obligations decomposed: 108
  • Avg obligations per rule: 3.9x
  • Jurisdiction: 🇸🇦 Saudi Arabia

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 28 rules
  • Decomposed: 108 obligations
  • Decomposition ratio: 3.9x

Each rule is decomposed into an average of 3.9 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 108 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in NCA ECC-2:2024 is scored across independent risk dimensions:

  • W (Obligation Weight): How critical within the regulatory framework
  • L (Violation Likelihood): How often breached in practice
  • E (Enforcement Evidence): Regulator enforcement history and penalties
  • C (Cascade Dependency): How many obligations depend on this one

Regulatory details

  • Full title: NCA Essential Cybersecurity Controls (ECC-2:2024)
  • Regulatory body: National Cybersecurity Authority
  • Jurisdiction: 🇸🇦 Saudi Arabia
  • Document type: regulation
  • Effective date: January 1, 2024

Who this applies to

  • government agencies
  • ministries
  • authorities
  • establishments
  • affiliated companies
  • critical national infrastructure operators
  • private sector entities hosting CNIs

Key requirements

  • 4 main cybersecurity domains
  • 28 subdomains
  • 108 main controls
  • 92 subcontrols
  • cybersecurity governance
  • cybersecurity defense
  • cybersecurity resilience
  • third-party and cloud computing cybersecurity
  • risk management
  • identity and access management
  • incident management
  • business continuity

Frequently asked questions about NCA ECC-2:2024

What is NCA ECC-2:2024?

NCA baseline cybersecurity controls covering governance, defence, resilience, and third-party security for national organisations. Applies to government and critical private sector entities in Saudi Arabia.

Who does NCA ECC-2:2024 apply to?

NCA ECC-2:2024 applies to government agencies, ministries, authorities, establishments, affiliated companies, critical national infrastructure operators, private sector entities hosting CNIs.

How many obligations does NCA ECC-2:2024 contain?

AuditDSS has decomposed NCA ECC-2:2024 into 108 atomic obligations from 28 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of NCA ECC-2:2024?

The key requirements include: 4 main cybersecurity domains, 28 subdomains, 108 main controls, 92 subcontrols, cybersecurity governance, cybersecurity defense, cybersecurity resilience, third-party and cloud computing cybersecurity, risk management, identity and access management, incident management, business continuity.

How can I assess my NCA ECC-2:2024 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 108 NCA ECC-2:2024 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces NCA ECC-2:2024?

NCA ECC-2:2024 is enforced in Saudi Arabia by the National Cybersecurity Authority.

When did NCA ECC-2:2024 come into effect?

NCA ECC-2:2024 became effective on January 1, 2024.

What industry does NCA ECC-2:2024 apply to?

NCA ECC-2:2024 is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build an NCA ECC-2:2024 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for NCA ECC-2:2024 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering NCA ECC-2:2024 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine NCA ECC-2:2024 with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against NCA ECC-2:2024

1. Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 108 obligations

Your document is scored against every obligation in NCA ECC-2:2024. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.


Assess your NCA ECC-2:2024 compliance

Upload your document and get a risk-scored gap analysis against 108 NCA ECC-2:2024 obligations in under 5 minutes.