The National Electronic Security Authority (NESA) is the United Arab Emirates (UAE) federal authority responsible for the advancement of the nation’s cyber security. NESA has produced a set of standards and guidelines for government entities in critical sectors in order to protect the UAE’s critical data/information infrastructure. This aligns UAE organizations and government with a stronger national cyber security posture. Compliance with these standards is mandatory for all government organizations, semi-government organizations, and business organizations that are identified as critical infrastructure to the UAE
NESA aims to provide strict guidelines to organizations for keeping their information security capabilities in line with the highest standards to avoid cyber security threats. The compliance requirements are outlined under the UAE IA Standards which require organizations to implement them across their information assets and supporting systems.
Organizations that follow these compliance requirements attain a number of benefits including greater protection of their information assets, and fostering of a security-conscious culture that is useful for overcoming emerging security challenges.
The UAE-NESA standards consists of 188 security controls From the 188 controls, NESA mandates 35 controls that help entities in building the information security foundation. These controls are required to be implemented by all the relevant entities irrespective of the outcome of the NESA Risk Assessment results. Controls are divided into two families:
- Management security controls
- Technical security controls
Under Management security controls NESA covers:
- Strategy & planning
- Information security risk management
- Awareness & training
- Human resource security
- Performance evaluation & improvement
Under Technical security controls NESA covers:
- Asset management
- Physical & environmental security
- Operations management
- Access control
- Third-party security
- Information systems acquisition, development, and maintenance
- Information security incident management
- Information security continuity management
Dos of NESA Compliance:
- Detect, respond, and recover from significant security incidents and reduce impact on the society and economy of the UAE.
- Strengthen security of critical information infrastructure and reduce corresponding Risk levels.
Don’ts of NESA Compliance:
- The organizations should not define any scope, as NESA specifies the scope of compliance in the entire organisation.
Our NESA Compliance consulting services helps organizations reduce complexities and improve integration of Information Security.