← Frameworks / Financial Regulation

CBUAE Cyber Risk and Operational Resilience Framework

Central Bank of the UAE mandatory framework for cyber risk governance, security operations, incident management, and operational resilience for all CBUAE-regulated financial institutions. 14 sections covering governance, risk management, SOC, identity and access management, data protection, application and infrastructure security, cryptography, incident management, security testing, awareness, third-party risk, operational resilience, and regulatory reporting.

Clauses: 14

Avg Coverage: 80.4%

Publisher: Central Bank of the UAE (CBUAE) Version: 2021

CBUAE → SP 800-53 SP 800-53 → CBUAE Coverage Analysis

Clause	Title	SP 800-53 Controls
CR-1	Cyber Risk Governance	PM-01 PM-02 PM-03 PM-09 PM-13 PM-28 PM-29 PS-09 PL-09
CR-2	Cyber Risk Management	PM-09 PM-28 RA-01 RA-02 RA-03 RA-04 RA-07 RA-09 PL-10 PL-11 CA-05
CR-3	Cyber Security Operations	SI-04 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-10 AU-12 CA-07 PM-16 RA-10 SC-26 SC-44 IR-04
CR-4	Identity and Access Management	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-10 AC-11 AC-12 AC-14 AC-17 AC-19 AC-20 AC-24 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-08 IA-09 IA-11 IA-12
CR-5	Data Protection	MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 SC-08 SC-13 SC-28 CM-12 PT-01 PT-02 PT-03 PT-04 PT-05 PT-06 PT-07 PT-08 AC-04 AC-16 AC-23 SI-12
CR-6	Application Security	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 CM-14 SI-10 SI-11 SI-15
CR-7	Infrastructure Security	SC-07 SC-05 SC-20 SC-21 SC-22 SC-39 SC-41 CM-01 CM-02 CM-03 CM-05 CM-06 CM-07 CM-08 CM-09 SI-02 SI-03 SI-04 SI-07 SI-16 RA-05
CR-8	Cryptography	SC-12 SC-13 SC-08 SC-17 SC-28 SC-40
CR-9	Cyber Incident Management	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09
CR-10	Cyber Security Testing	CA-02 CA-07 CA-08 CA-09 RA-05 RA-06 PM-14 RA-09
CR-11	Cybersecurity Awareness and Training	AT-01 AT-02 AT-03 AT-04 AT-06 PM-13 PM-15
CR-12	Third-Party Cyber Risk	PM-30 PM-31 PM-32 SA-04 SA-09 SA-21 SA-22 SR-01 SR-02 SR-03 SR-05 SR-06
CR-13	Operational Resilience	CP-01 CP-02 CP-03 CP-04 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13 SC-24 SI-13 SI-17 PM-08 PM-11
CR-14	Regulatory Compliance and Reporting	CA-01 CA-02 CA-03 CA-05 CA-06 CA-07 PM-04 PM-06 PM-10 PL-01 PL-02 PL-04