
Comply with National Cybersecurity Authority OTCC-1:2022 Using LogRhythm SIEM

  • Sep 05, 2024
  • Kyle Dimitt
  • 5 minutes to read

    What is the NCA OTCC-1:2022?

    The National Cybersecurity Authority (NCA) in the Kingdom of Saudi Arabia created the Operational Technology Cybersecurity Controls (OTCC-1:2022) framework to enhance the cybersecurity posture of vital operational environments, particularly within critical national infrastructure.

    The framework’s role encompasses the establishment of cybersecurity policies and standards to safeguard nations’ digital infrastructure against evolving cyberthreats. Released in 2022, the Operational Technology Cybersecurity Controls (OTCC-1:2022) was developed as an extension to NCA’s Essential Cybersecurity Controls (ECC-1:2018) to increase the protection of OT/ICS assets.

    These controls serve as a detailed guide for organizations to enhance their cybersecurity posture, providing a robust foundation for organizations to navigate the dynamic landscape of cybersecurity threats. Each control covers concepts that include risk management, incident response, and access controls, thus enabling national organizations to fulfill mandated cybersecurity requirements to increase the protection of their critical infrastructure and readiness level towards security risks.

    Overview of principal NCA OTCC requirements

    Cybersecurity Governance
      • Establish governance structures and policies to oversee cybersecurity initiatives related to operational technology.
      • Define roles and responsibilities.
      • Employ risk, project, and change management protocols that will protect the organization’s assets via the maintenance of its CIA triad.
      • Provide personnel with cybersecurity awareness programs.

    Cybersecurity Defense
      • Implement measures that protect the operational technology systems from cyberthreats and attacks.
      • Deploy security controls such as firewalls, intrusion detection systems (IDS), endpoint security, and threat intelligence technology to protect against unauthorized access and mitigate security risks.
      • Coordinate incident response protocols.

    Cybersecurity Resilience
      • Implement disaster recovery procedures and business continuity strategies to minimize the impact of cybersecurity incidents on critical operations.

    Third-Party Cybersecurity
      • Assess the cybersecurity posture of third-party entities, establish contractual obligations for cybersecurity, and monitor third-party activities to mitigate potential risks to OT environments.

    How LogRhythm SIEM supports NCA OTCC requirements

    The LogRhythm SIEM platform provides an in-depth solution for ensuring compliance with NCA OTCC requirements. The table below gives a high-level overview of how Exabeam’s self-hosted solution can help you achieve your compliance goals.

    | Category | Main Domain | Main Domain Objective | How LogRhythm SIEM Supports |
    |---|---|---|---|
    | Cybersecurity Governance | 1.3 Cybersecurity Risk Management | To ensure managing cybersecurity risks in a methodological approach to protect the organization’s OT/ICS assets as per organizational policies and procedures, and related laws and regulations. | Utilize detailed reporting on all activity of your critical assets, giving you essential information to perform thorough risk assessments. |
    | | 1.5 Cybersecurity in Change Management | To ensure that cybersecurity requirements are included in change management methodology and procedures to maintain safe implementation of change requests in OT/ICS environment by exercising due diligence analysis and control of the changes. | Track changes in your environments to ensure change management procedures in your environments are following approved processes. |
    | | 1.6 Periodical Cybersecurity Review and Audit | To ensure that OT/ICS cybersecurity controls are implemented and in compliance with organizational policies and procedures, as well as related national and international laws, regulations and agreements. | Review user, provisioning, change, and host activity to ensure that activity in your environments maintains compliance with documented policies and procedures. |
    | Cybersecurity Defense | 2.1 Asset Management | To ensure that the organization has an accurate and detailed inventory of OT/ICS assets in order to support the organization’s cybersecurity and operational requirements to maintain the production uptime, safe operations, confidentiality, integrity, and availability of OT/ICS assets. | Utilize Entity Management to track asset activity and integrity. |
    | | 2.2 Identity and Access Management | To ensure secure and restricted logical access to OT/ICS assets in order to prevent unauthorized access and allow only authorized access for users, which are necessary to accomplish assigned tasks. | Monitor access to critical environments within dashboards and produce reports of that access to show no inappropriate access occurred. |
    | | 2.3 System Processing Facility Protection | To ensure the protection of OT/ICS systems and processing facilities (including workstations, servers and Safety Instrumented Systems “SIS”) against cyber risks. | |
    | | 2.4 Network Security Management | To ensure the protection of the organization’s OT/ICS networks from cyber risks. | Monitor access and changes to configurations for assets as well as the latest threat techniques to protect against cyber threats. |
    | | 2.5 Mobile Device Security | To ensure the protection of mobile devices (including laptops, handheld configuration devices, network test devices, etc.) from cyber risks and to ensure the secure handling of sensitive data and the organization’s information. | Alert and report on all devices and systems that produce log data including mobile device management systems. |
    | | 2.6 Data and Information Protection | To ensure the confidentiality, integrity, and availability of organization’s data and information as per organizational policies and procedures, and related laws and regulations. | Alerts and reports on critical system data provide readiness to address problems when they arise and report on their success. |
    | | 2.7 Cryptography | To ensure the proper and efficient use of cryptography to protect information assets as per organizational policies and procedures, and related laws and regulations. | Monitor for outdated and unsecure cryptographic standards in use in your environments. |
    | | 2.8 Backup and Recovery Management | Alert and report on all devices and systems that produce log data including mobile device management systems. | Use pre-packaged reports and alerts to show log data over systems. |
    | | 2.9 Vulnerabilities Management | To ensure timely detection and effective remediation of technical vulnerabilities to prevent or minimize the probability of exploiting these vulnerabilities to launch cyberattacks against the organization. | Use AIE alerts to triage threats and vulnerabilities in real time. |
    | | 2.11 Cybersecurity Event Logs and Monitoring Management | To ensure timely collection, analysis, and monitoring of cybersecurity events for early detection of potential cyberattacks to prevent or minimize the negative impacts on the organization’s operations. | Bring in logs from all critical systems for live analysis and reporting. |
    | | 2.12 Cybersecurity Incident and Threat Management | To ensure timely identification, detection, effective management, and handling of cybersecurity incidents and threats to prevent or minimize negative impacts on organization’s OT/ICS operation. | Use AIE alerts to triage threats and vulnerabilities in real time. |
    | | 2.13 Physical Security | To ensure the protection of OT/ICS assets from unauthorized physical access, loss, theft, and damage. | Connect physical security systems to monitor for physical access to critical access and any instances of unauthorized access. |
    | Cybersecurity Resilience | 3.1 Cybersecurity Resilience Aspects of Business Continuity Management (BCM) | To ensure the inclusion of the cybersecurity resiliency requirements within the organization’s business continuity management and to remediate and minimize the impacts on OT/ICS environment from disasters caused by cybersecurity incidents. | Utilize log data and alerts to practice business continuity exercises and be prepared when the time comes. |
    | Third-Party Cybersecurity | 4.1 Third-Party Security | To ensure the protection of organizational assets against the cybersecurity risks related to third parties, including manufacturers of OT/ICS-related hardware and software, vendors of OT/ICS products and suppliers of OT/ICS-related services as per organizational policies and procedures, and related laws and regulations. | |

    LogRhythm SIEM NCA OTCC Compliance Suite

    The LogRhythm SIEM comes built-in with an NCA OTCC Compliance Suite, providing augmented and direct support of control objectives through pre-bundled Investigations, Alarms, AIE Rules, and Reports. Alarms and Reports are automatically associated with the correct NCA OTCC asset categories. You can then schedule Reports for periodic generation and delivery or generate them on demand. To identify areas of non-compliance in real time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization’s operational technology environments.

    If you’d like to see first-hand how the LogRhythm SIEM can help you automate your organization’s NCA OTCC compliance, schedule a demo with us today.

    Kyle Dimitt

    Compliance Engineer, Research | Exabeam | Kyle Dimitt is a Compliance Engineer, Research at Exabeam. He researches and develops content in Exabeam’s product suite that enables customers to maintain their compliance status with information security frameworks across the globe, leveraging his background in public accounting, audit, risk, and industry knowledge. He has over 10 years of experience in information security and audit. Kyle received a BS in Information Systems and Technology from Doane University. He enjoys reading, hiking, motorcycles, music, and giving back to his communities.
