NESA FAQ

1) Who is NESA, and what is UAE IAS?

The National Electronic Security Authority (NESA) is the UAE’s federal authority responsible for the advancement of cybersecurity across the nation. With the aim of protecting the UAE’s critical data and information infrastructure and improving national cybersecurity, NESA introduced the UAE Information Assurance Standards (UAE IAS). Compliance with these standards is mandatory for all government organizations, semi-government organizations, and business organizations that are identified as critical infrastructure to the UAE.

2) What was the objective of introducing NESA’s IAS Standard?

NESA’s UAE IAS regulations were introduced to improve overall cybersecurity in the UAE. Beyond that, the IAS regulations were introduced to:

  • Strengthen the security of the UAE’s critical cyber assets and reduce relevant risk levels. 
  • Protect the UAE’s critical infrastructure against any threat.  
  • Improve cybersecurity threat awareness across the UAE.
  • Develop infrastructure and technical capabilities.

3) Which organizations are expected to be compliant with NESA’s IAS Standard?

NESA Compliance is mandatory for: 

  • Government organizations 
  • Semi-government organizations 
  • Any business organizations that are identified as the UAE’s critical infrastructure.

4) How many security controls and standards are there under the NESA’s IAS Compliance?

The UAE’s IAS Standard includes 188 security controls and standards, grouped into categories by priority, ranging from P1 (highest priority) to P4 (lowest priority). NESA created the list of security controls based on 24 threats that were compiled from various industry reports. The controls are prioritized based on those reports, and 39 of the 188 security controls are listed as P1 controls. This means 39 security controls address 80% of the possible security threats identified by NESA. Implementing the P1 controls is therefore the first step towards achieving compliance and setting a sturdy foundation against cyberattacks.


5) What does NESA’s audit and compliance process involve?

NESA’s audit report adopts a tiered approach for enforcing UAE IAS compliance. The level of risk determines how closely NESA will work with the organization on IAS enforcement. The IAS Standard outlined by NESA is mandatory for organizations and all relevant entities identified as critical to the nation’s information security infrastructure, irrespective of the NESA Risk Assessment results. The framework below outlines the procedures for adhering to NESA’s compliance rules.

| Procedure | Impact |
|---|---|
| Reporting | Maturity-based self-assessment by stakeholders in line with the mandatory requirements. |
| Auditing | When considered appropriate, NESA can audit stakeholders by requesting specific evidence to support their self-assessment report. |
| Testing | NESA can suggest certain tests of the information security measures that are currently in place. |
| National Security Intervention | In extreme cases, NESA may directly intervene when an entity’s activities are leading to an unacceptable level of national security risks. |
