
Cybersecurity Management

The “Operational Technology Cybersecurity Controls” (OTCC-1: 2022) document, issued by the National Cybersecurity Authority in the Kingdom of Saudi Arabia, is a comprehensive regulatory framework specifically designed to protect Industrial Control Systems (ICS) and critical national infrastructure.

These controls aim primarily to raise national readiness to confront the increasing cyber risks targeting industrial operations, and to ensure the continuity of vital services whose disruption could lead to significant negative impacts on national security, the economy, or public health and safety.

This document is a complementary extension of the Essential Cybersecurity Controls (ECC-1: 2018), focusing specifically on the operational and technical aspects of manufacturing, energy, and other utility environments.

The structural framework of the document relies on four fundamental components aimed at comprehensive protection: cybersecurity governance, cybersecurity enhancement (defense), cybersecurity resilience, and external cybersecurity.

These components branch out into 23 sub-components, which collectively include 47 main controls and 122 sub-controls, covering vital areas such as asset management, network security, data protection, vulnerability management, backup, and identity and access management.

To ensure effective implementation, the document takes into account four main pillars: strategy, people, processes, and technology. The controls apply a tiered methodology that determines which security requirements are mandatory based on the facility's sensitivity. Facilities are divided into three levels, from “Level 1” for highly sensitive facilities, which includes 151 controls, down to “Level 3” for low-sensitivity facilities, which includes 56 controls. The compliance of entities with these controls is assessed through self-assessment tools and on-site audit visits conducted by the authority, ensuring the actual and continuous application of cybersecurity standards across various vital sectors in the Kingdom.

The document requires entities to integrate cybersecurity requirements into the lifecycle of operational system projects, including factory and field acceptance testing, and to ensure the availability of qualified and trained human resources to handle these complex systems.
