Official government website of the Government of the Kingdom of Saudi Arabia 
The Data Cybersecurity Controls (DCC-1: 2022) document issued by the National Cybersecurity Authority forms an integrated strategic framework aimed at protecting national information assets and enhancing cybersecurity requirements throughout all phases of the data lifecycle.
These controls are based on the Kingdom's Vision 2030, which considers data a vital economic resource and a foundation for supporting decision-making and developing digital services. This necessitates strict security requirements to mitigate cybersecurity threats and risks that could negatively impact the Kingdom's national security, economy, or international reputation.
The structure of these controls consists of three primary components and 11 subcomponents, which collectively include 19 primary controls and 47 subcontrols, all designed to complement the Essential Cybersecurity Controls (ECC).
The scope of these controls extends to all government entities and their affiliates, as well as private sector entities that own or operate critical national infrastructure. The controls cover all forms of data, whether physical or digital, structured like databases or unstructured like documents and records.
The document adopts a precise data classification system consisting of four levels: Public, Restricted, Confidential, and Top Secret, based on their sensitivity and the risks associated with their loss or leakage.
The main control pillars include cybersecurity governance through periodic review and auditing to ensure the effectiveness of implemented measures, enhancing human resource-related cybersecurity by conducting security screening for employees, and preventing the use of unauthorized messaging applications or cloud storage for sharing sensitive data.