🇸🇦 Live Transportation

SAMA Cyber Security Framework

Establishes cybersecurity requirements for financial institutions supervised by the Saudi Arabian Monetary Authority, covering governance, risk management, access control, and incident response. Applies to banks, insurance companies, and finance companies operating in Saudi Arabia.

View official source document

16

Rules extracted

64

Obligations decomposed

4.0x

Avg obligations per rule

🇸🇦 Saudi Arabia

Jurisdiction

About this regulation

Mandatory cybersecurity framework for all SAMA-regulated financial institutions in Saudi Arabia, covering banks, insurance companies, finance companies, and payment service providers. Organized into four main domains with sub-domains covering governance, risk, operations, technology, and third-party management.

What AuditDSS covers

Source

1

Regulation

Extracted

16

Rules

Decomposed

64

Obligations

4.0x

Decomposition ratio

Each rule is decomposed into an average of 4.0 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 64 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in SAMA CSF is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
SAMA Cyber Security Framework
Regulatory body
Saudi Arabian Monetary Authority
Jurisdiction
🇸🇦 Saudi Arabia
Document type
framework
Effective date
May 1, 2017
Issuing authority
Saudi Arabian Monetary Authority (SAMA)
Industry
Transportation
Official source
View source document ↗

Who this applies to

banksinsurance companiesfinance companiespayment service providerscredit bureaus

Key requirements

  • cyber security governance
  • risk management
  • identity and access management
  • application security
  • infrastructure security
  • cryptography
  • incident management
  • third-party security
  • 2-hour incident reporting

Frequently asked questions about SAMA CSF

What is SAMA CSF?
Mandatory cybersecurity framework for all SAMA-regulated financial institutions in Saudi Arabia, covering banks, insurance companies, finance companies, and payment service providers. Organized into four main domains with sub-domains covering governance, risk, operations, technology, and third-party management.

Who does SAMA CSF apply to?
SAMA CSF applies to banks, insurance companies, finance companies, payment service providers, credit bureaus.

How many obligations does SAMA CSF contain?
AuditDSS has decomposed SAMA CSF into 64 atomic obligations from 16 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of SAMA CSF?
The key requirements include: cyber security governance, risk management, identity and access management, application security, infrastructure security, cryptography, incident management, third-party security, 2-hour incident reporting.

How can I assess my SAMA CSF compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 64 SAMA CSF obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces SAMA CSF?
SAMA CSF is enforced in Saudi Arabia by Saudi Arabian Monetary Authority.

When did SAMA CSF come into effect?
SAMA CSF became effective on May 1, 2017.

What industry does SAMA CSF apply to?
SAMA CSF is primarily relevant to the Transportation industry. AuditDSS covers 64 regulations in this industry sector.

Build a SAMA CSF compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for SAMA CSF — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering SAMA CSF requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine SAMA CSF with other regulations into a single unified compliance pack for your business.

Build SAMA CSF compliance pack

Already have a policy? Assess it against SAMA CSF

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 64 obligations

Your document is scored against every obligation in SAMA CSF. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Transportation

🇦🇺 Live

CASR 1998

10 rules, 97 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

EPBC Act

16 rules, 153 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

NGER Act 2007

18 rules, 121 obligations
🇦🇺 Live

HVNL

10 rules, 88 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations

Assess your SAMA CSF compliance

Upload your document and get a risk-scored gap analysis against 64 SAMA CSF obligations in under 5 minutes.

Start assessment Browse all regulations