NESA Compliance UAE2022-12-28T06:16:57+00:00

NESA Compliance UAE

Home » Home-UAE » NESA Compliance UAE

What is NESA in UAE

NESA is the abbreviation for National Electronic Security Authority. NESA, now known as Signals Intelligence Agency or SIA UAE, is authorised by the United Arab Emirates (UAE) government and is responsible for improving national cyber security by protecting its information and communications infrastructure.

ValueMentor is a leading Risk & Compliance service provider in UAE, helping companies achieve NESA / SIA Compliance using UAE Information Assurance Standards.

As part of this mandate, NESA has developed Information Assurance (IA) standards to provide security compliance requirements for entities that support critical national services across all sectors to have a minimum level of security.  ValueMentor’s team of  NESA UAE compliance experts helps organizations comply with the regulatory requirements of NESA with ease.

Our NESA UAE Consultancy Services

Our NESA UAE Consultancy Services

Would you like to speak to a NESA Consultant?


Phase 1 – Assessment

The first phase of a NESA Compliance project is to estimate the current state of compliance.

Identify Critical Assets

  • Project Initiation
  • Understand the organization
  • Identify critical business services
  • Identify information infrastructure

Gap & Risk Assessment

  • Assessment of current state and mapping it to NESA Standards
  • Identification of threats and vulnerabilities exploiting the gaps resulting in risk.

NESA Controls Identification

  • Identify cyber security controls that can mitigate the risks and thereby result in NESA Compliance.
  • Define NESA Risk treatment plan

NESA Compliance Reports

  • Develop the NESA mandated reports such as CII Operator reports, NESA Progress report and NESA Risk Assessment & Management document

Phase 2 – Control Development

This second phase of the project is to develop the controls to treat the risks identified. NESA Risk Treatment Plan provides the directions for this phase of the implementation.

NESA Policies & Procedures

  • NESA UAE policies and procedures establish the basis for implementing cyber security best practices.

Security Awareness

  • Humans are considered the most vulnerable link in cyber security. Security awareness improves human understanding in developing an organization’s cyber security posture.

Technology Controls

  • Security Architecture
  • Technology gaps
  • Configuration advisory

Management Controls

  • Operational controls
  • Physical Security
  • Managerial Controls

Phase 3 – Security Services

This phase of the engagement delivers existing security practices for the organization. Different services performed by the ValueMentor team are: –

Periodic Security Testing

  • Vulnerability Assessments
  • Penetration Testing
  • Security configuration reviews

SIEM & Incident Response

  • SIEM Solution deployment
  • 24×7 Security Monitoring
  • Security Device Management

Managed Network Security

  • Next Gen Firewalls, UTMs
  • URL Filter, Web Security
  • Wi-Fi Security
  • VPN and remote access security

Data & Endpoint Security

  • DLP Solutions
  • Patch Management
  • Endpoint security
  • Mobile Device Management

Phase 4 – Compliance Review

This phase of the engagement delivers existing security practices for the organization. Different services performed by the ValueMentor team are: –

ISMS Performance Review

Evaluate the performance of the ISMS against the defined metrics. It helps in the continual improvement of the ISMS.

NESA Internal Audits

Perform periodic ISMS audits to assess compliance with defined policies and procedures of NESA standards.

Mock Compliance Audit

Perform mock compliance audits help you identify the weak areas of ISMS implementation.

External Audit Support

Assist the customer during the compliance audit to meet the required NESA requirements.

Would you like to speak to a NESA Consultant?


Other Services in UAE


Related Insights

  • Gaming Security
    September 15, 2023
  • PCI Penetration Test
    September 12, 2023
  • Security Testing Services — Uncategorized
    September 6, 2023
Read all articles

Frequently Asked Questions (FAQ)

1. Who should comply with UAE NESA Standard?2022-09-20T08:23:33+00:00

NESA compliance goes mandatory for: –

  • All government organizations
  • Semi government organizations
  • BSFI, fintech organizations
  • Any business organization identified as UAE critical infrastructure


2. What are the goals of NESA’s IAS Standard?2022-09-20T08:35:31+00:00

The National Electronic Security Authority (NESA) Information Assurance Standards (IAS) UAE intends to enhance the overall cybersecurity in the nation. The major reasons behind the introduction of the NESA IAS standard is to: –

  • Improve the security of critical cyber assets in the UAE.
  • Lessen infrastructure security risk levels against any threats.
  • Promote cybersecurity threat awareness across the nation.
  • Improve infrastructure, resources, and technical capabilities.
3. How many security controls and standards fall under NESA’s IAS Standard?2022-09-20T08:37:17+00:00

UAE IAS includes 188 security controls and standards grouped into 4-tiers based on priority (from PI to P4). NESA designed these controls based on 24 threats collected from various industry reports and prioritized them based on the recorded breach ratio. P1 marks the tier with the highest priority and P4 with the lowest. Of the 188 security controls, 39 belong to tier P1, helping address 80 % of the breaches identified by NESA. Hence, implementing PI controls illustrates an organization’s foremost step towards achieving compliance with NESA requirements.

Go to Top