Governance domain
Cybersecurity Governance
Leadership accountability, strategy, policy, and organizational risk management.
- CISO role
- Cyber strategy
- Policy framework
- Risk management
The National Cybersecurity Authority Essential Cybersecurity Controls are mandatory for Saudi government entities and critical infrastructure. Sentinel Unity maps domains and controls to assessments, evidence, and cross-framework standards.
Issued by: National Cybersecurity Authority (NCA) · Applies to: government and critical infrastructure in the Kingdom
Five
Domains
Fifty-one
Controls (ECC)
Five
Maturity levels
Mandatory
For in-scope entities
Structure
Governance domain
Leadership accountability, strategy, policy, and organizational risk management.
Defense domain
Identity, network, endpoint, and application security controls.
Resilience domain
Incident response, disaster recovery, and recovery planning capabilities.
Third-party domain
Vendor risk and cloud environment security.
ICS domain
OT/ICS security for industrial environments.
Platform mapping
Controls live in the framework library, linked to assessments, evidence, findings, and reports.
Start assessments against ECC controls with questionnaire templates and evidence fields.
Score controls on the ECC maturity scale and track improvement over time.
Attach policies, artefacts, and screenshots to control records for examinations.
Report current posture versus target maturity by domain and control.
Reuse evidence across national and global standards where controls align.
Structured evidence packages for assessors and internal audit.
Maturity
Maturity scoring in the platform follows the ECC model from initial through optimizing.
Level 1
Initial
Informal or absent controls; no repeatable practice.
Level 2
Developing
Partial implementation; documented but inconsistent.
Level 3
Defined
Documented and consistently applied.
Level 4
Managed
Measured and monitored against metrics.
Level 5
Optimizing
Continuous improvement based on threats and lessons learned.
Book a demo with our GRC specialists to see how Sentinel Unity supports programs across the Gulf.
No commitment required. Typical demo is 45 minutes.