Cybersecurity Regulatory Framework (CRF) for Service Providers in the Information and Communications Technologyy

Pursuant to the provisions in the Communications and Information Technology Act (Act) and it’s Bylaw and based on the regulatory tasks assigned to CST under its Ordinance related to maintaining user's information and confidential documents, protecting the public interest, the user and its interests, as well as raising its level of trust; by providing appropriate quality telecommunications and information technology services, in addition to providing protection against harmful content, and maintaining the confidentiality of communications. CST decided to establish a comprehensive Cybersecurity Regulatory Framework (CRF) with the objective to increase the cybersecurity maturity of the Information and Communications Technology (ICT) sector and it mainly concerns organizations who are licensed or registered by CST and those subject to it as the regulator of the ICT sector in the Kingdom of Saudi Arabia.