SAMA CSF Compliance

Comply with the Saudi Arabian Monetary Authority Cyber Security Framework v1.0. Continuous evidence collection, pre-mapped controls and a clear path from "in scope" to "audit-ready".

Why teams choose this

Pre-mapped controls

Every SAMA CSF control mapped to evidence and integrations — out of the box.

Audit-ready evidence

Generate auditor-ready SAMA CSF evidence packs in minutes.

Continuous testing

Controls are tested every day, not once a year.

Gap analysis

Immediate visibility into where your environment falls short of SAMA CSF.

  • 70% less audit prep
  • 100% evidence freshness
  • 1 source of truth

What's included

  • Pre-loaded SAMA CSF control library
  • Automated evidence collection
  • Real-time gap analysis & roadmap
  • Auditor collaboration portal
  • Cross-framework re-use of evidence

How it works

  1. Connect

    Add your domain or vendor list — no agents, no DNS changes. SAMA CSF alignment starts within minutes.

  2. Analyze

    Our engine continuously ingests open-source intelligence, scan data and threat feeds to produce an objective risk score.

  3. Act

    Receive prioritized remediations, alerts and exportable evidence — share with your team, board or auditors.

Quick Answers

SAMA CSF Compliance — frequently asked questions

What is the SAMA Cyber Security Framework?
Issued in May 2017 by the Saudi Central Bank (SAMA), the CSF v1.0 defines mandatory cybersecurity controls for all member organisations — banks, insurance companies, finance companies and credit bureaus operating in the Kingdom of Saudi Arabia.

What are the SAMA CSF maturity levels?
Five maturity levels (0–4). Member organisations must achieve at least Level 3 (Structured and Formalised) across all 4 domains and 29 subdomains, with regular self-assessment and SAMA review.

How does SAMA CSF compare to NCA ECC?
SAMA CSF is sector-specific (financial services) and supervised by SAMA. The NCA Essential Cybersecurity Controls (ECC-1:2018) are nation-wide. Many organisations report to both; control overlap is significant and evidence can be re-used.

What evidence does a SAMA self-assessment require?
Policy artefacts, control implementation evidence, risk-treatment plans, third-party assessment reports and a board-approved cybersecurity strategy. SecurityRating.com produces these continuously, sized to the SAMA self-assessment template.

Ready to see SAMA CSF Compliance in action?

Talk to our team about a 30-minute walkthrough tailored to your environment, or run a free non-intrusive scan of any domain.