Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-3-1
Cybersecurity Requirements For Protecting Information Systems And Information Processing Facilities
Must Be Defined, Documented And Approved.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-3-2
The Cybersecurity Requirements For Protecting Information Systems And Information Processing
Facilities Must Be Implemented.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-3-3
- The cybersecurity requirements for protecting information systems and information processing facilities must include at least the following:
- Advanced, up-to-date and secure management of malware and virus protection on servers and workstations.
- Restricted use and secure handling of external storage media.
- Patch management for information systems, software and devices.
- Centralized clock synchronization with an accurate and trusted source (e.g.,Saudi Standards, Metrology and Quality Organization (SASO))
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-3-4
The Cybersecurity Requirements For Protecting Information Systems And Information Processing
Facilities Must Be Reviewed Periodically.