NESA Information Assurance Standards (IAS)

The UAE's National Electronic Security Authority (NESA) Information Assurance Standards (IAS) establish the cybersecurity framework for UAE government entities and critical infrastructure operators. NESA IAS consists of two tiers: Tier 1 (mandatory controls for all entities) and Tier 2 (enhanced controls for critical entities). The standards cover 18 domains including: information security governance; risk management; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development, and maintenance; information security incident management; business continuity management; and compliance. UAE entities must achieve compliance with NESA IAS as a condition of operating in regulated sectors. The UAE Cybersecurity Council, established in 2020, has expanded the national cybersecurity framework and introduced the UAE Cybersecurity Strategy 2021-2026. NESA has been restructured under the Cybersecurity Council, which now coordinates cybersecurity policy across all federal entities.