OCI achieves CST Class C in Saudi Arabia, demonstrating NCA ECC and CCC compliance

December 20, 2023 | 2 minute read
Jessica Giddens
Senior Manager
Text Size 100%:

Oracle recognizes that cloud adoption is critical for organizations to accelerate innovation and quickly scale their workloads in a cost-effective manner. In the Middle East, Saudi Arabia is embracing cloud technology to support growth and innovation strategies, and Oracle is invested in meeting the demand for cloud computing in the region. Saudi Arabia has also developed mandatory guidelines and frameworks for information communication technology (ICT) providers in response to this national digital transformation.

Today, Oracle Cloud Infrastructure (OCI) is pleased to announce that it’s the first major cloud provider in Saudi Arabia to achieve CST Class C registration.

Saudi Arabia Class C CST registration

In Saudi Arabia, the Communications Space & Technology Commission (CST) is the leading government authority whose oversight spans a broad spectrum of information technologies, communications, and digitization businesses and providers, including cloud services. In 2017, the National Cybersecurity Authority (NCA) was created to develop and oversee the implementation of a national cybersecurity strategy. With a vision for stimulating growth and innovation, the agency provides knowledge and expertise on secure cloud implementation and use.

As cloud adoption continued to grow in the region, and in November of 2022, CST expanded its regulatory oversight of cyberspace with its Telecommunication and Information Technology Act and, most recently, the Cloud Computing Services and Provisioning Regulations, which requires ICT providers that offer cloud services through a data center in Saudi Arabia to be registered with the CST. This approved registration enables OCI to provide cloud computing services in Saudi Arabia.

To meet CST Class C registration requirements, the data center hosting the OCI infrastructure and services must be classified at Tier 3 or above. The provider must also demonstrate compliance with NCA control requirements, including NCA Essential Cybersecurity Controls (ECC) and Cloud Cybersecurity Controls (CCC) control requirements.

ECC consists of 114 controls that set the minimum cybersecurity requirements based upon best practices and standards to minimize access risks to information and technical assets from threats. CCC is an extension and complement to the ECC and is a set of requirements for cloud computing. It comprises 37 controls, with 96 subcontrols for cloud service providers (CSPs) like Oracle. The controls focus on key security topics of cloud governance, defense, resilience, and third-party cybersecurity.

Oracle’s commitment to Saudi Arabia

Oracle has longstanding relationships in Saudi Arabia and is proud to provide secure, reliable, and scalable global cloud solutions that allow organizations, corporations, and governments to safely operate their important (and critical) workloads in the cloud.

Oracle Cloud Infrastructure’s Class C registration offers additional assurance for organizations in Saudi Arabia looking to accelerate innovation with the cloud and meet their business objectives.

For more information, learn more about this and other global compliance programs, or reach out to one of our representatives.

Jessica Giddens

Senior Manager


Previous Post

Altair Radioss performance on OCI shapes with 4th gen AMD EPYC

Martin Feyereisen | 6 min read

Next Post


Better backups with policy-based snapshots and replication in OCI File Storage Service

Vinoth Krishnamurthy | 4 min read