M5.4.1 - TECHNICAL COMPLIANCE CHECKING Implementation Guidance
The entity shall ensure that information systems are regularly checked for compliance with the UAE IA Standards.
Critical entities shall also take into account any other relevant NESA issuances, guidance, and activities in this regard.
Technical compliance checking should be performed manually (supported by appropriate software tools, if necessary) by an experienced system engineer, and/or with the assistance of automated tools that generate a technical report for subsequent interpretation by a technical specialist.
If penetration tests or vulnerability assessments are used, caution should be exercised as such activities could lead to a compromise of the security of the system. Such tests should be planned, documented and repeatable.
Any technical compliance check should only be carried out by competent, authorized persons, or under the supervision of such persons.