Comply with the Saudi Central Bank’s cybersecurity framework for financial institutions.
The Saudi Arabian Monetary Authority (now Saudi Central Bank, SAMA) Cyber Security Framework is a mandatory framework for financial institutions regulated by SAMA. It defines cybersecurity requirements across governance, risk management, operations, and third-party security to protect the Kingdom’s financial sector.
The SAMA CSF is mandatory for banks, insurance companies, and other financial institutions regulated by the Saudi Central Bank.
Who needs SAMA Cyber Security Framework?
Saudi financial institutions
Banks, insurers, and finance companies regulated by SAMA.
Fintech and payment firms
Payment service providers and fintechs operating in Saudi Arabia.
Key components
Cyber security governance
Leadership oversight, strategy, and a defined cybersecurity organization.
Risk management
Identification and treatment of cybersecurity risks.
Operations & technology
Security operations, identity management, and infrastructure protection.
Third-party security
Management of cybersecurity risk from vendors and partners.
How DSALTA helps with SAMA Cyber Security Framework
Activate SAMA CSF
Select the SAMA framework from the Frameworks page. DSALTA maps its domains to controls.
Frequently asked questions
Who must comply with the SAMA CSF?
All financial institutions regulated by the Saudi Central Bank, including banks, insurers, and finance companies.
Is the framework maturity-based?
Yes. SAMA assesses institutions against maturity levels, expecting continuous improvement over time.