This table shows the 18 compliance areas where Saudi NCA ECC and NIST CSF controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | NCA ECC | NIST CSF |
|---|---|---|
| Cybersecurity Governance | ECC-1-1, ECC-1-2 | GV.OC-01, GV.RR-01 |
| Cybersecurity Strategy | ECC-1-5, ECC-1-6 | GV.OC-02, GV.SC-01 |
| Asset Identification | ECC-2-1, ECC-2-2 | ID.AM-01, ID.AM-02 |
| Asset Classification | ECC-2-3, ECC-2-4 | ID.AM-05 |
| Identity & Access Management | ECC-3-1, ECC-3-2 | PR.AA-01, PR.AA-05 |
| Privileged Access | ECC-3-3, ECC-3-4 | PR.AA-05 |
| Authentication & MFA | ECC-3-5, ECC-3-6 | PR.AA-03 |
| Network Security | ECC-4-1, ECC-4-2 | PR.IR-01 |
| Data Protection | ECC-4-3, ECC-4-4 | PR.DS-01, PR.DS-02 |
| Cryptography | ECC-4-5, ECC-4-6 | PR.DS-01 |
| Physical & Environmental Security | ECC-5-1, ECC-5-2 | PR.AA-02 |
| Vulnerability Management | ECC-6-1, ECC-6-2 | ID.RA-01, PR.PS-01 |
| Patch Management | ECC-6-3, ECC-6-4 | PR.PS-01 |
| Security Monitoring | ECC-7-1, ECC-7-2 | DE.CM-01, DE.AE-02 |
| Incident Response | ECC-7-3, ECC-7-4 | RS.MA-01, RS.AN-03 |
| Incident Reporting | ECC-7-5 | RS.CO-02 |
| Business Continuity & Resilience | ECC-8-1, ECC-8-2 | RC.RP-01, RC.RP-02 |
| Security Awareness | ECC-9-1, ECC-9-2 | PR.AT-01, PR.AT-02 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.