← Frameworks / Regulatory

UAE Information Assurance Regulation (TDRA/NESA)

UAE mandatory information assurance standards for all government entities and critical national infrastructure operators. 12 security domains aligned to ISO 27001/27002 covering governance, risk management, asset management, HR security, physical security, operations, communications, access control, system development, incident management, and business continuity. Enforced by TDRA with compliance audits.

Clauses: 12

Avg Coverage: 86.2%

Publisher: Telecommunications and Digital Government Regulatory Authority (TDRA) Version: 2022

UAE IA → SP 800-53 SP 800-53 → UAE IA Coverage Analysis

Clause	Title	SP 800-53 Controls
T1	Information Security Governance	PM-01 PM-02 PM-03 PM-06 PM-07 PM-09 PM-10 PM-13 PM-14 PM-15 PM-29 PL-01 PL-09 PL-10 PL-11 PS-09
T2	Information Security Risk Management	RA-01 RA-02 RA-03 RA-05 RA-07 RA-09 RA-10 PM-09 PM-28 CA-05 PL-10 PL-11
T3	Information Security Policy	PL-01 PL-02 PL-04 PM-01 AC-01 AT-01 AU-01 CA-01 CM-01 CP-01 IA-01 IR-01 MA-01 MP-01 PE-01 PS-01 RA-01 SA-01 SC-01 SI-01 PT-01 SR-01
T4	Asset Management	CM-08 CM-12 CM-13 PM-05 RA-02 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 MP-08 AC-16 SC-28
T5	Human Resource Security	PS-01 PS-02 PS-03 PS-04 PS-05 PS-06 PS-07 PS-08 PS-09 AT-01 AT-02 AT-03 AT-04 AT-06 PL-04 PM-13
T6	Physical and Environmental Security	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-16 PE-17 PE-18 PE-19 PE-20 PE-21 PE-22 PE-23
T7	Operations Security	CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-07 CM-08 CM-09 CM-10 CM-11 CM-14 SI-01 SI-02 SI-03 SI-04 SI-05 SI-07 SI-10 SI-16 CP-09 CP-06 AU-01 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-10 AU-11 AU-12 CA-07 RA-05 SC-04 SC-05 SC-06 SA-11
T8	Communications Security	SC-01 SC-07 SC-08 SC-10 SC-11 SC-12 SC-13 SC-20 SC-21 SC-22 SC-23 SC-28 SC-32 AC-04 AC-17 AC-18 AC-20 CA-03 CA-09
T9	Access Control	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-09 AC-10 AC-11 AC-12 AC-14 AC-16 AC-17 AC-18 AC-19 AC-20 AC-21 AC-22 AC-24 AC-25 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-07 IA-08 IA-09 IA-10 IA-11 IA-12
T10	Information Systems Acquisition, Development and Maintenance	SA-01 SA-02 SA-03 SA-04 SA-05 SA-08 SA-09 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 SA-22 CM-03 CM-04 CM-05 CM-14 SR-01 SR-02 SR-03 SR-04 SR-05 SR-06 SR-09 SR-10 SR-11
T11	Information Security Incident Management	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09 AU-06 SI-04 PM-14
T12	Business Continuity Management	CP-01 CP-02 CP-03 CP-04 CP-06 CP-07 CP-08 CP-09 CP-10 CP-12 CP-13 PM-08 PM-11