NESA – The National Electronic Security Authority of UAE


With the proliferation of technology, the incidence of cyber crime has increased considerably, posing a serious risk of critical data loss. The National Electronic Security Authority (NESA) is the authority responsible for raising cyber awareness and advancing the UAE’s cyber security to ensure protection of information assets. NESA compliance is critical to mitigating identified information security risks for all government entities in the country.

There are 136 mandatory sub-controls in the NESA UAE IAS compliance requirements, which comprise 564 sub-controls, depending on risk assessment. Each sub-control is assigned an implementation priority, from P1 down to the lowest, P4.

The IAS standards are based on ISO 27001:2005, with specific requirements for each control. Organizations must comply with the IAS standards and report progress on compliance to sector regulators or NESA partners, which are responsible for reporting to the National Electronic Security Authority.

What is NESA?

NESA is a UAE federal authority that operates under the Supreme Council for National Security. With a focus on creating a secure collaborative culture at the national and sector level, NESA Dubai is working toward expanding cyber education and increasing cyber security awareness. NESA compliance is mandatory for all participating entities, including cyber security companies in the UAE and others that deal with critical national information.

Sophisticated hackers do not confine themselves to a specific section of an organization and can attack any part of the business. As a result, organizations with control deficiencies are highly vulnerable to hacking and malware attempts. NESA compliance can therefore help organizations that deal in critical information mitigate the risk and address gaps in security controls.

Without any defined scope for implementation, CII controllers can effortlessly ensure organization-wide NESA compliance. Its use of the latest technology and cyber security strategies enables NESA to implement four levels of monitoring to manage NESA partner compliance across the framework.

How Does It Function

The security authority is tasked with safeguarding the nation’s critical information infrastructure and improving cyber security. To this end, NESA has produced a set of standards and guidance for critical sectors, including business entities and government and semi-government organizations.

Its mission is to create a cyber secure environment so that the nation enjoys unimpeded progress. The level of risk your organization poses to the information infrastructure in the UAE determines the way NESA will work with you. The risk is determined based on your present security controls and the inherent risk posed to your sector.

  • In the case of a self-assessment report, NESA Abu Dhabi may request specific evidence from companies and stakeholders for auditing purposes. This ensures entities remain compliant.
  • NESA Dubai can require stakeholders to undergo tests of information security.
  • NESA can directly intervene if it suspects activities of an entity that threaten national security.

NESA Assessment & Cyber Security Companies in UAE

If you do not take steps for NESA compliance, you make your organization vulnerable to attack, given that the standards highlight potential real-world cyber threats. Non-compliance also exposes you to severe penalties.

With a mission to protect data and information infrastructure, NESA Abu Dhabi is responsible for strengthening the nation’s cyber security measures. NESA partners are taking steps to protect critical sectors against the threat posed by cyber criminals.

The IAS are based on the entity’s understanding of its information security requirements, which are devised so that it can conduct risk assessments to identify risks and vulnerabilities and implement cyber security controls. They also involve monitoring the risks and controls, reviewing the risk assessment, and ensuring continual improvement.

The NESA Dubai IAS standards are based on international information security protocols, and any entity showing NESA compliance should benefit from the implementation of such controls.
