Cyber security is one of the biggest economic and national security challenges countries face in the 21st century. The National Electronic Security Authority was established in line with this modern reality and as soon as the Authority was in place, we immediately initiated a thorough review of federal efforts to defend and protect the nation's ICT Infrastructure. This announcement falls in line with the process we are currently engaged in which puts all necessary policies and standards in place to ensure a comprehensive approach to securing the Nation's Digital Infrastructure.

The National Electronic Security Authority (NESA) is a UAE Federal Authority that operates under the Supreme Council for National Security. NESA is responsible for the advancement of the Nation’s Cyber Security, expanding Cyber Awareness and creating a collaborative culture rooted in Information Technology and Innovation.

In order to achieve their objectives, NESA has devised a new set of guidelines and standards for all government entities and other entities identified as critical national service by NESA.

Therefore, compliance to NESA is mandatory for all such entities.

NESA is committed to ensure that all UAE Government Bodies are made fully aware of the responsibility they now have to meet the requirements of these policies and in turn, what this means in practice going forward.

The overall objective of NESA compliance are –

Strengthen the security of the UAE's information assets and reduce risks

Secure crucial digital infrastrucute (critilcal IT systems from cyber vulnerabilities) Secure crucial digital infrastructure (critical IT systems from cyber vulnerabilities)

Increase awareness of cyber security threats in the country

Improve enterprise's IT Security responsiveness and preparedness capabilities

Who should comply?

NESA compliance is mandatory for all UAE Government Entities and other entities identified as critical national service by NESA. NESA Compliance is applicable and mandatory for all other participating stakeholders who support and deal with critical national information or provide such services.For all other UAE Entities, NESA recommends to follow the guidelines on a voluntary basis, in order to participate in raising nation’s minimum-security level.

NESA Compliance GRC Solution

Our fully managed solution for cyber security compliance requirements of NESA UAE IA Standard.

Ducara’s expertise helps enterprises in crafting cyber security solutions that gives it immense credibility to enable them meet NESA Compliance Standards. Our NESA Compliance service includes industry’s fully managed solution called NESA Compliance GRC Solution. This is a one-stop solutions for the entities who are mandated by NESA to demonstrate their compliance to the stringent cyber security requirements of UAE IA standard. Entities have to annually show their support and increasing maturity of cyber security controls to the sector regulators and in turn to the NESA Authorities.

NESA COMPLIANCE GRC SOLUTION: COMPOSED OF 5 MAIN SOLUTION COMPONENTS –

MANAGED NESA GRC MANAGED NETWORK SECURITY MANAGED ENDPOINT SECURITY MANAGED MOBILE DEVICE SECURITY MANAGED SECURITY TESTING & MONITORING
NESA GRC Implementation Perimeter Security Endpoint protection Mobile Device Management Security Testing
NESA Compliance Audit Support Web Proxy DLP Mobile Application Management Security Log collection & analysis
Ongoing Sustenance of NESA GRC URL Filter Patch Management Mobile Email Management Log Retention
  Wifi Security Backup Management Mobile Browsing Management Security Incident Management
  Remote User Access Security Client VPN Mobile Endpoint protection Brand Monitoring

SOLUTION COMPONENT 1 - MANAGED NESA GRC

The implementation of Solution Component-1 is undertaken by Ducara in the following manner.

SOLUTION COMPONENT 2 – MANAGED NETWORK SECURITY

This Solution implementation includes deployment & ongoing administration of perimeter security devices e.g. Firewall & IPS, Web Proxies, URL filter, Wi-Fi security, remote user access security etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.

SOLUTION COMPONENT 3 – MANAGED ENDPOINT SECURITY

This Solution implementation includes deployment & ongoing administration of endpoint protection solution, such as - DLP Agent, Patch Management Solution, Backup & Restoration Solution, Client VPN etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.

SOLUTION COMPONENT 4 - MANAGED MOBILE DEVICE SECURITY

This Solution implementation includes deployment & ongoing administration of Mobile Device Management (MDM) Solution, Mobile Application Management (MAM) Module, Mobile Email Management (MEM) Module, Mobile Browsing Management Module, Mobile Endpoint Protection Module etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.

SOLUTION COMPONENT 5 - MANAGED SECURITY TESTING & MONITORING

This Solution implementation includes deployment & ongoing administration of security testing e.g. Penetration Testing, Application Security Testing, Configuration Review etc., Security Log Collection & Analysis on a 24/7 basis, Log Retention, Security Incident Management Support, Brand Monitoring Service e.g. Phishing Monitoring, Website Malware Monitoring etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.

Ducara helps you to understand which systems need to be configured to meet NESA regulation requirements along with which configurations or processes are mandatory. Our team of auditors and advisors gives you the advantage of a superb combination of experience, specialized education, technical knowledge and in-depth management expertise.