UAE & NESA Compliance
The National Electronic Security Authority (NESA) is the federal authority of the United Arab Emirates (UAE) that is responsible for the country’s cybersecurity compliance. In order to protect critical sectors from data loss and data breaches, NESA has implemented a new set of regulations and guidelines.
NESA compliance is mandatory for:
- Government organizations
- Semi-government organizations
- Business organizations that are identified as part of the UAE critical infrastructure.
Compliance preparation starts with developing and following a data protection strategy. A solid and efficient strategy includes data encryption and wiping.
NESA Data Encryption & How to Comply
When thinking about NESA compliance, the most significant of the new regulations is the section on Information Assurance Standards (IAS). Out of the 188 security controls listed in the IAS, 35 of them deal with information security. Therefore, it is important to take necessary measures to keep confidential information safe and avoid data breaches.
Data encryption is an effective method of protecting sensitive information from physical and virtual threats – and should be the foundation of every organization’s information security strategy. Data should be encrypted at the source where it is stored and before it migrates outside of controller possession – see NESA encryption requirements.
To help your organization with NESA Compliance, Jetico offers two types of data encryption:
- BestCrypt Volume Encryption for superior whole disk encryption
- BestCrypt Container Encryption for selected files and folders
NESA Data Wiping & How to Comply
There are multiple instances in the NESA regulations that outline the necessity to securely remove or overwrite data once it is no longer needed - review all NESA wiping requirements. These standards include:
- T1.4.1: Management of Removable Media
- T1.4.2: Disposal of Media
- T7.5.2: Protection of Systems Test Data
In order to comply with these kinds of regulations, organizations must be sure that all of the data in question is removed entirely. Erasing data is more complex than it sounds, and improper removal leads to problematic data remanence (residual representations of data that remain despite removal attempts).
To help your organization with NESA Compliance, Jetico offers two types of software to wipe data beyond forensic recovery:
- BCWipe Total WipeOut to erase entire hard drives at end of life
- BCWipe to wipe selected files and folders on active systems
Need to Get Help with the UAE National Electronic Security Authority (NESA) Compliance?
Thank you for contacting Jetico! We will respond to you as soon as possible.
Send us a message - we'll reply within 24 business hours.
Need help now? Call Us
US: 202 742 2901