Sentinel UnityGRC Platform
KSA Mandatory

NCA ECC Compliance — All 51 Controls, One Platform

The National Cybersecurity Authority Essential Cybersecurity Controls are mandatory for Saudi government entities and critical infrastructure. Sentinel Unity provides complete assessment templates, control mapping, and gap analysis for every ECC domain.

Issued by: National Cybersecurity Authority (NCA) • Applies to: Government & Critical Infrastructure

See a DemoView All Frameworks
51
Controls
5
Domains
5
Maturity Levels
Mandatory
Compliance

ECC Domains

Five domains covering all dimensions of cybersecurity

01
12 Controls

Cybersecurity Governance

Leadership accountability, cybersecurity strategy, policy framework, and organizational risk management.

  • CISO appointment
  • Cybersecurity strategy
  • Policy & procedures
  • Risk management framework
02
18 Controls

Cybersecurity Defense

Technical and operational controls: identity management, network security, endpoint protection, and application security.

  • Identity & access management
  • Network protection
  • Endpoint security
  • Application security
03
8 Controls

Cybersecurity Resilience

Incident response, disaster recovery, business continuity, and crisis management capabilities.

  • Incident response plan
  • Disaster recovery
  • Business continuity
  • NCA breach notification
04
7 Controls

Third-Party & Cloud Security

Third-party risk management and cloud environment security controls.

  • Vendor risk assessment
  • Cloud security baseline
  • Contractual controls
  • Sub-contractor management
05
6 Controls

Industrial Control Systems

OT/ICS security controls for organizations operating industrial environments.

  • ICS risk assessment
  • OT network isolation
  • ICS incident response
  • Patch management for OT

Platform Support

Everything you need for NCA ECC compliance

Pre-built Assessment Templates

Start assessing immediately with ready-made templates covering all 51 NCA ECC controls — no configuration required.

Control Maturity Scoring

Score each control across five maturity levels and track improvement over time with trend analytics.

Evidence Management

Attach policies, screenshots, and audit artefacts directly to each control record for audit-ready documentation.

Gap Analysis Reports

Automatically generate gap analysis reports showing your current posture versus full NCA ECC compliance.

Cross-mapping to ISO 27001 & NIST CSF

Reuse evidence across frameworks. Controls assessed for NCA ECC automatically contribute to ISO 27001 and NIST CSF assessments.

Audit-Ready Evidence Packages

Export a complete, structured evidence package for NCA assessors or internal auditors with one click.

Maturity Model

Five-level NCA ECC maturity scale

Sentinel Unity scores every control against the NCA ECC maturity model and tracks your progress toward full compliance.

Level 1
Initial

Controls exist informally or not at all. No documented processes or repeatable practices.

Level 2
Developing

Controls are partially implemented. Processes are documented but inconsistently followed.

Level 3
Defined

Controls are fully documented and consistently applied across the organization.

Level 4
Managed

Controls are measured, monitored, and reviewed against defined performance metrics.

Level 5
Optimizing

Continuous improvement is embedded. Controls are proactively refined based on threat intelligence.

Ready to assess your NCA ECC compliance posture?

Join banks, government entities, energy, telecom, and diversified groups across the Gulf who use Sentinel Unity to govern risk, manage compliance, and protect their organizations.

Book a Live DemoContact Sales

No commitment required. Typical demo is 45 minutes.