AI-Generated Summary
Key takeaways from this article
Introduction
The SAMA Cybersecurity Framework (SAMA CSF) is mandatory for all financial institutions regulated by the Saudi Central Bank. With 147 sub-controls across four domains, achieving and maintaining compliance requires a structured approach grounded in operational reality rather than theoretical frameworks.
The Four Domains
SAMA CSF is organised across Cybersecurity Leadership and Governance, Cybersecurity Risk Management, Cybersecurity Operations, and Third-party Cybersecurity. Each domain contains multiple controls with maturity levels ranging from Level 1 (ad-hoc) to Level 3 (defined and measured).