The Essential Cybersecurity Controls — Structure, Scope, and How Everything Else Builds on It
NCA Framework Family // ECC Deep Dive The Essential Cybersecurity Controls — Structure, Scope, and How Everything Else Builds on It Every conversation about NCA compliance eventually comes back to the ECC. It is the document that defines what "baseline" means in Saudi Arabia's cybersecurity regulatory landscape — and understanding it properly is the difference between a compliance programme that holds up under scrutiny and one that has structural gaps its team may not even know about. This piece walks through what the ECC actually is, how its five domains are structured, and — most importantly — how it functions as the shared foundation for every other NCA framework. The short version: The ECC is the mandatory cybersecurity baseline every in-scope organisation must meet. CSCC, CCC, OTCC, DCC, and TCC are all built on top of it. Compliance with any specialised framework presupposes ECC compliance — it does not replace it. 01 — What the ...