NESA Compliance Solution
The National Electronic Security Authority (NESA) is tasked with securing UAE’s Critical Information Infrastructure (CII) and improving national cyber security. To achieve this, NESA has introduced a set of assurance guidelines and standards for all government and other entities considered as critical national services. The main objective behind these guidelines is to improve cyber security awareness across the emirates, and foster collaboration at the sector and national levels. NESA has also developed a federal cyber risk framework based on international best practices and standards. With this framework, NESA will identify, assess, monitor, communicate and plan cyber security.Download Solution Brief
MetricStream NESA Compliance Software Solution
The MetricStream NESA Compliance Solution complies with NESA IA controls for control assessments and testing. The solution also comes prepacked with NESA’s National Cyber Risk Management Framework (NCRMF) and performs risk assessments on Critical Information Infrastructure (CIIs) at the entity, sector, and federal levels. The solution helps users to determine asset criticality, and capture important attributes like asset description, dependent assets, asset owners, and security requirements in terms of asset confidentiality, integrity and availability. It also helps protect these assets and streamlines the design and operating effectiveness of the base IA security controls used to protect the CIIs. It assesses threats and vulnerabilities and determines gaps in the implementation of security controls with respect to the NESA UAE IA standards.
- Establishes a centralized repository of NCRMF content and the ”IA Baseline Questionnaire/ Pre-Assessment Checklist”
- Builds relationships between Critical Information Infrastructure (CII) operators, CII Protection (CIIP) working groups, and NESA to function collaboratively
- Facilitates a risk-based approach to cyber security at the entity, sector, and national levels
- Generates a gap analysis report, highlighting the severity and control prioritization for technical and management controls
- Executive dashboards provide enterprise-wide visibility into the NESA compliance process, and highlight issues that need to be addressed
Leveraging the MetricStream technology will improve efficiencies and performance, by enabling enhanced collaboration, streamlining information gathering, and creating clear visibility for our internal audit program.