NCA Operational Technology Cybersecurity Controls Framework

This document is a technical report detailing the Saudi Arabia National Cybersecurity Authority’s (NCA) Operational Technology Cybersecurity Controls (OTCC-1:2022) framework. The framework aims to enhance the protection of industrial control systems (ICS) and operational technology (OT) environments by outlining a set of cybersecurity controls specifically designed for ICS. It focuses on mitigating cyber threats and ensuring compliance with international best practices, playing a crucial role in securing critical infrastructures. The report describes the Xage Fabric, a cybersecurity platform that employs zero-trust principles to safeguard OT and ICS environments. It details the framework's four key domains, each containing specific sub-domains and controls, and emphasizes the importance of compliance for organizations in Saudi Arabia's ICS and OT sectors. The consequences of non-compliance are also discussed, including regulatory penalties and increased vulnerability to cyberattacks. The report concludes by mapping the NCA OTCC-1:2022 technical requirements to the capabilities of the Xage Fabric Platform, demonstrating its alignment with the framework's objectives.