NESA

(National Electronic Security Authority)

What is NESA compliance?

NESA stands for National Electronic Security Authority and is a government institution that aims to provide strict guidelines to organizations for keeping their information security capabilities in line with the highest standards to avoid cybersecurity threats. The compliance requirements are outlined under the UAE IA Standards which require organizations to implement them across their information assets and supporting systems.

Compliance with NESA UAE IA Standard is mandatory for all UAE government entities and other entities identified as critical by NESA as it is an essential facet of the National Cyber Security Strategy and also form as the minimum requirements for integrating the Sector and National platforms. For all other UAE entities, NESA highly recommends following the guidelines on a voluntary basis, in order to participate in raising the nation’s minimum security levels.

Organizations that follow these compliance requirements attain a number of benefits including greater protection of their information assets and fostering a security-conscious culture that is useful for overcoming emerging security challenges.

What does NESA involve?

The UAE IA Standards promote a life cycle approach for establishing, implementing, maintaining, and continuously improving Information Assurance. This life cycle approach ensures continual improvement of the UAE’s Information Assurance capabilities based on well-defined activities.

1
UNDERSTANDING

An entity’s and/or sector’s information security requirements and the need to establish a policy and objectives for information security

2
CONDUCTING

Conducting Risk assessments, identifying appropriate risk treatment actions, and selecting controls to manage the risks

3
IMPLEMENTING

Implementing security controls to manage information security risks in the context of the entity’s or sector’s overall business risks

4
MONITORING and ENSURING

Performance and effectiveness of the information security processes and Ensuring continual improvement based on objective measurements

NESA Compliance Approach

The implementation of NESA Compliance should be undertaken in 4 phases

CRITICAL SERVICES IDENTIFICATION

Phase 1

Project Planning, Identify Critical Business Services across the organization, and Identify Critical Information Infrastructures (CII) supporting critical business services.

Gap and Risk Assessment

Phase 2

Assess existing control gaps vis-a-vis NESA UAE IA Standard, Assess threats and vulnerabilities that can exploit the gaps, Identify Cybersecurity controls that will reduce the identified risks, and Define a detailed NESA Implementation Roadmap Perform Data classification.

Control Development and Implementation

Phase 3

Develop P1, P2, P3, P4 controls Implement support for each and conduct comprehensive security awareness program

Control Effectiveness Check & Audit

Phase 4

Assess the performance of the implemented controls, Conduct pre-compliance audit and Assist the organization in meeting compliance to NESA requirements during the compliance audit

We Want to Hear from You !!

Contact us today to learn more about our products and services.

Contact Us