SAMA Cyber Security Framework - Principle based.

As per the SAMA Cybersecurity Framework, the objectives of the Framework are as follows:
1. To create a common approach for addressing cyber security within the Member Organizations.
2. To achieve an appropriate maturity level of cyber security controls within the Member Organizations.
3. To ensure cyber security risks are properly managed throughout the Member Organizations.

The framework borrows key controls from various industry-level cybersecurity standards such as NIST, ISF, ISO, Basel and PCI DSS. The purpose of the CSF is to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security.


The Framework is applicable to all Member Organizations regulated by SAMA, which include the following:

  • All Banks operating in Saudi Arabia;
  • All Insurance and/or Reinsurance Companies operating in Saudi Arabia;
  • All Financing Companies operating in Saudi Arabia;
  • All Credit Bureaus operating in Saudi Arabia;
  • The Financial Market Infrastructure

    The four domains are:
    1. Cyber Security Leadership and Governance.
    2. Cyber Security Risk Management and Compliance.
    3. Cyber Security Operations and Technology.
    4. Third Party Cyber Security.

    How can Riskpro help you

    Riskpro has security and privacy professionals who have performed a number of such assessments and provided readiness support. We have an online tool that maps all applicable controls against the SAMA Cybersecurity Framework.

    Our readiness / gap assessment can be performed in 1-2 weeks. Access to the automated assessment tool can be provided on a free trial basis.


    To learn more, contact us at or call 9833767114
