Saudi Arabia enforced the Cybersecurity Regulation Framework

Saudi Communications and Information Technology Commission released the Comprehensive Cybersecurity Regulation Framework for Service Providers in the ICT and Postal sectors (CFR). The CFR provides requirements for management of cybersecurity risks in line with international best practices and local cybersecurity regulations for Saudi Service providers in ICT and Postal sector, including:

  • Risk management methodology,

  • Encouragement of providers to apply good practices for cybersecurity measures

  • Ensuring  confidentiality, integrity and availability of the services provided to customers.

CFR also introduced the classification of Service providers on the basis of belonging to the critical infrastructure and established specific cybersecurity requirements.