NESA Compliance Services in UAE

,
NESA-Compliance-Process

About NESA Compliance

NESA Compliance provides a framework for achieving effective cyber security. NESA UAE, National Electronic Security Authority, is setup to improve the national cyber security efforts across UAE. NESA operates under the Supreme Council for National Security. Being a federal authority responsible for improving the cyber security, increasing awareness and collective cyber security risk management of UAE.

NESA had released a number of documents (NESA Guidelines and Standards) to help organizations improve their cyber security. NESA compliance is mandatory for all government entities in UAE and those entities identified as critical information infrastructure by NESA.

NESA Standards

NESA UAE involves compliance to cyber security requirements based on the UAE National Cyber Security Strategy (NCSS), developed and governed by NESA, which defines the protection requirements of UAE Cyberspace. The primary standard to follow for NESA compliance is UAE Information Assurance Standards (UAE IAS). Additionally, the NESA National Cyber Risk Management Framework defines the NESA Risk Assessment process.

Our approach towards NESA Compliance

ValueMentor approaches NESA Compliance in a phased manner.

NESA-Compliance-Process

NESA IAS is a set of 188 controls which includes 35 mandatory controls. The mandatory controls are considered as “Always Applicable” as they form the founding capabilities of cyber security management in an organization. Rest of the controls from the UAE IAS (153 security controls) are to be implemented based on the applicability derived based on the risk assessment results.