Everything You Need To Know About NESA Compliance
The National Electronic Security Authority, NESA UAE, is a UAE federal authority responsible for the cyber security of the United Arab Emirates. NESA operates under the auspices of the UAE Supreme Council for National Security. The primary objectives of NESA are to define a national cyber security strategy that enables the advancement of cyber security in the UAE, increase cyber security awareness within the UAE, and develop a collaborative culture.
A key step towards NESA compliance is to develop a standard framework for UAE cyber security, officially known as “UAE IA Standards” or “UAE Information Assurance Standards”. NESA expects all critical national services to implement the cyber security controls listed in the UAE IA Standards to protect the information infrastructure offered by government organizations and selected critical businesses.
The content in this microsite is based on our experience within the information security domain and is mostly useful for achieving NESA compliance. However, it is fair to mention that the compliance environment is unique to every organization, and the guidance or documents provided here may not be suitable for your environment and may not lead your organization to comply with NESA UAE requirements.
About National Electronic Security Authority Compliance
National Electronic Security Authority Compliance provides a framework for achieving effective cyber security. NESA UAE, the National Electronic Security Authority, is set up to improve national cyber security efforts across the UAE. NESA operates under the Supreme Council for National Security and is the federal authority responsible for improving cyber security, increasing awareness, and collective cyber security risk management in the UAE.
NESA has released a number of documents (NESA Guidelines and Standards) to help organizations improve their cyber security. Compliance is mandatory for all government entities in the UAE and for those entities identified as critical information infrastructure by NESA.
National Electronic Security Authority Standards
NESA UAE involves compliance with cyber security requirements based on the UAE National Cyber Security Strategy (NCSS), developed and governed by NESA, which defines the protection requirements of UAE cyberspace. The primary standard to follow for this compliance is the UAE Information Assurance Standards (UAE IAS). Additionally, the NESA National Cyber Risk Management Framework defines the NESA Risk Assessment process.
Our approach towards NESA Compliance
ValueMentor approaches NESA Compliance in a phased manner.
NESA IAS is a set of 188 controls, of which 35 are mandatory. The mandatory controls are considered “Always Applicable” because they form the founding capabilities of cyber security management in an organization. The remaining 153 security controls in the UAE IAS are to be implemented according to their applicability, as determined by the risk assessment results.