NESA's UAE IAS: How Can Gemalto's Data Protection and Authentication Solutions Help With Compliance?
About NESA’s Mandatory Cryptography and Authentication Security Controls for the UAE

To protect the UAE’s critical data information infrastructure and improve national cyber security, the National Electronic Security Authority (NESA), has produced the UAE Information Assurance Standards (UAE IAS), which is a set of standards and guidelines for government entities in critical sectors. Compliance with these standards is mandatory for all government organizations, semi-government organizations and business organizations that are identified as critical infrastructure to UAE.

NESA’s UAE IAS regulations were created with the aim to:
>> Strengthen the security of UAE cyber assets and reduce corresponding risk levels
>> Protect critical infrastructure
>> Improve threat awareness in the UAE
>> Develop human capital and technical capabilities

NESA’s UAE IAS Control Structure

NESA’s UAE IAS lists 188 security controls and standards which are grouped into four different tiers, ranging in priority from P1 (highest) to P4 (lowest). NESA created the list of security controls based on 24 threats that were compiled from various industry reports, and prioritized them based on the percentage of breaches that were found. Out of the 188 security controls listed, 39 of them are P1 controls which address 80% of the possible security threats NESA identified. Implementing P1 controls is an organization’s first step towards achieving compliance and building a strong information security foundation against cyberattacks.

NESA’s Audit and Compliance Process

NESA will also be operating on a tiered approach when enforcing UAE IAS compliance. The level of risk that an organization poses to the UAE’s information infrastructure (based on the organization’s current security controls and the inherent risk of their industry), will determine how closely NESA and industry regulators will be working with them. Although NESA hasn’t yet outlined a mandatory compliance date for organizations, or any potential fines, these controls are required to be implemented by all the relevant entities, regardless of the outcome of their NESA Risk Assessment results. Notwithstanding any penalties and fines that NESA could enforce, organizations should start to implement P1 controls to protect against potential data breaches, and mitigate the associated financial and reputational losses.

NESA’s Risk Assessment Framework

PROCEDURE | IMPACT
Reporting | Maturity-based self-assessment by stakeholders in line with mandatory vs. voluntary requirement
Auditing | When appropriate, NESA can audit stakeholders by requesting specific evidence in support of self-assessment report
Testing | When appropriate, NESA can commission tests of information security measures in place at stakeholders
National Security Intervention | In extreme cases, NESA should be able to directly intervene when an entity’s activities are leading to unacceptable national security risks
©Gemalto 2017. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. FS (EN) - 15Sep2017 - Design: RM
access and policy changes. Audit trails are securely stored and signed for non-repudiation and can be consumed by leading 3rd party SIEM tools. Using SafeNet KeySecure, organizations can centrally manage multiple key types, including Symmetric and Asymmetric Keys, secret data, and X.509 certificates along with associated policies.

SafeNet Data Protection Connector Portfolio – Secure Your Data at Rest

Coupled with SafeNet KeySecure, the SafeNet Data Protection Connector portfolio keeps administrators in full control of their data wherever it resides and however it is used. In turn, this level of control keeps organizations compliant with UAE IAS.

performance demands for real-time low latency and near zero overhead to provide security without compromise for data on the move across the network up to 100 Gbps.

SafeNet Luna HSMs – Secure Root of Trust for Your Data

Easily conform to NESA’s mandates with SafeNet Luna HSMs from Gemalto. Ensure your data is safe from a cyber-attack by storing your private cryptography keys inside a hardened, tamper-resistant, FIPS-validated device. Without access to the keys, data is rendered useless. Your organization will benefit from Gemalto’s years of experience, and stringent product verification testing that certifies the security and integrity of our devices.