NCA Frameworks & Cybersecurity Certifications Guide
A guide to NCA frameworks (SCyWF, ECC, CSCC, CCC) and how to pair them with global cybersecurity certifications for a strong Saudi career path.
الهيئة الوطنية للأمن السيبراني (NCA) هي المرجع التنظيمي للأمن السيبراني في المملكة، وأصدرت عدة أطر إلزامية على الجهات الوطنية وأخرى توجيهية للقطاع الخاص.
أبرز الأطر: SCyWF لتصنيف الكوادر السيبرانية، ECC للضوابط الأساسية، CSCC للأنظمة الحساسة، و CCC للحوسبة السحابية. فهم هذه الأطر مطلوب لأي وظيفة أمن سيبراني في الجهات الحكومية أو شركاتها.
هذا الدليل يشرح ترتيب الأطر، ولمن تناسب، وكيف تربطها بشهادات عالمية مكمّلة (Security+, CISSP, ISO 27001 Lead) لتصنع مسارًا قويًا داخل السوق السعودي.
Recommendations
National framework for classifying and qualifying cybersecurity professionals in Saudi Arabia by job track.
Mandatory baseline cybersecurity controls framework for Saudi national entities.
Controls for protecting critical systems within national entities per NCA requirements.
Mandatory NCA controls for cloud service adoption in national entities.
CompTIA Security+
CompTIA
Foundational cybersecurity certification covering core security concepts and operations.
CISSP
ISC2
Globally recognized certification for security engineers and leaders designing and managing security programs.
Certified Information Security Manager focused on governance and risk management (GRC).
Certified Information Systems Auditor — global benchmark for IT audit and control.
Want a personal recommendation?
Answer 3 quick questions in the personalized roadmap and get a tailored 3-step certification path.
Start the roadmapFAQ
What is the SCyWF framework?+
SCyWF (Saudi Cybersecurity Workforce Framework) is the national framework for classifying and qualifying cybersecurity professionals in Saudi Arabia. It defines job roles, knowledge, and skills — a key reference for government hiring and job descriptions.
Are NCA frameworks mandatory for everyone?+
ECC is mandatory for national entities. CSCC additionally applies only to entities operating critical systems as scoped by NCA. The private sector is bound by them when serving such entities or when classified as critical-infrastructure operators, and uses them as a reference otherwise — they also appear frequently in government tender requirements.
Which global certifications pair well with NCA frameworks?+
Security+ as foundation, CISSP/CISM for leadership and governance, CISA for audit, and ISO 27001 Lead Implementer/Auditor to map ECC to the international standard. CCSP or AWS Security – Specialty pair with CCC for cloud.
Do I need SCyWF if I already have CISSP?+
Yes, in the Saudi context. CISSP is a global cert; SCyWF defines the local job role. Familiarity with SCyWF is practically useful in government interviews even alongside global certifications.