Saudi Central Bank Cyber Security Framework
The mandatory cybersecurity framework for Saudi financial institutions — with native Arabic reporting.
118 mapped controls
What it is
The Saudi Central Bank (SAMA) Cyber Security Framework is mandatory for all member organizations — banks, insurers, and financing companies — and is among the most prescriptive in the region, organized into governance, risk management, operations, and third-party domains with maturity-level expectations. It frequently overlaps with the NCA's Essential Cybersecurity Controls (ECC). GovernIQ maps SAMA and ECC together, scores them with NIST and ISO, and generates audit-ready reports in native Arabic with correct right-to-left formatting — not a machine translation — so compliance teams stop rebuilding crosswalk spreadsheets by hand.
Who it applies to
- SAMA-regulated banks and financing companies
- Insurance and reinsurance firms
- Payment service providers and fintechs
How GovernIQ maps it
1. Unify SAMA + ECC: Map SAMA and NCA ECC to a single set of controls.
2. Score with NIST & ISO: See one unified posture across all four frameworks.
3. Evidence to control: Link evidence directly to each mapped control.
4. Report in Arabic: Generate audit-ready, right-to-left Arabic reports.
Sample control crosswalk
| Control | Mapped across frameworks |
|---|---|
| Access enforcement | SAMA 3.3.5, ECC 2-2-1, ISO A.5.15, NIST PR.AC-1 |
| Incident response | SAMA 3.3.15, ECC 2-13-1, ISO A.5.24, NIST RS.RP-1 |
| Third-party risk | SAMA 3.4.1, ECC 4-1-1, ISO A.5.19, NIST GV.SC-1 |
SAMA reports generate natively in Arabic with full right-to-left formatting.