* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/) * Saudi Arabia's Cloud Comp... # Saudi Arabia's Cloud Computing Regulatory Framework v3 [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fcloud-computing-regulatory-framework-v3%2F) [](https://twitter.com/share?text=Saudi+Arabia%E2%80%99s+Cloud+Computing+Regulatory+Framework+v3&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fcloud-computing-regulatory-framework-v3%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fcloud-computing-regulatory-framework-v3%2F&title=Saudi+Arabia%E2%80%99s+Cloud+Computing+Regulatory+Framework+v3&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/06/cloud-computing-regulatory-framework-v3/&ts=markdown) \[\](mailto:?subject=Saudi Arabia’s Cloud Computing Regulatory Framework v3) Link copied By [Haider Pasha](https://www.paloaltonetworks.com/blog/author/haider-pasha/?ts=markdown "Posts by Haider Pasha") and [Danielle Kriz](https://www.paloaltonetworks.com/blog/author/danielle-kriz/?ts=markdown "Posts by Danielle Kriz") Jun 09, 2022 6 minutes [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [Cloud Computing](https://www.paloaltonetworks.com/blog/tag/cloud-computing/?ts=markdown) [Government](https://www.paloaltonetworks.com/blog/tag/government2/?ts=markdown) [policy](https://www.paloaltonetworks.com/blog/tag/policy/?ts=markdown) ### How We Can Help Customers Along a Secure Cloud Journey On December 3, 2020, version 3 of the Kingdom of Saudi Arabia (KSA)'s [Cloud Computing Regulatory Framework (CCRF v3)](https://www.citc.gov.sa/en/RulesandSystems/RegulatoryDocuments/Documents/CCRF_En.pdf) came into force. Issued by the Communication and Information Technology Commission (CITC), CCRF v3 makes only limited changes to the prior version (CCRF v2) and reaffirms KSA's commitment to encouraging the use of cloud computing services in KSA. The framework clarifies the expectations for both cloud service providers (third-party companies offering a cloud-based platform, infrastructure, application or storage service) and their cloud computing subscribers (paying customers of cloud solutions). Palo Alto Networks, the global cybersecurity leader, supports countries' secure digital transformations, including their transitions to the cloud. In fact, we are shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our company has transformed over the years from our beginning as a leader in next-generation firewalls (NGFW) to now being an industry leader protecting tens of thousands of organizations across clouds, networks and mobile devices. We recognize that many organizations around the world are extending their networks to the cloud, including public, private and hybrid cloud models, to improve their productivity and efficiency. It is imperative that these organizations have a consistent approach to securing their data, whether it is on premise or in the cloud. Since 2018, Palo Alto Networks has developed technical partnerships with leading global cloud infrastructure providers to extend our security platform into the cloud. This has enabled us to be the cybersecurity partner of choice, protecting networks, clouds and endpoints, regardless of customer size, industry or geography. As data requires protection while in motion or at rest, our efforts focus on securing both instances for cloud usage, whether it's for data stored in the cloud or in motion between clouds. We are continually innovating our products and services to deliver cloud based cybersecurity to our customers in nearly every imaginable vertical, including public sector, utilities, oil and gas, financial institutions, health care, service providers, manufacturers and many others. ### Quick Facts about the CCRF v3 Our cloud-delivered security solutions enable updated controls to be delivered at the speed of innovation, leveraging our integrated A.I. and machine learning capability to proactively prevent cyber attacks. We can scale up and down based on computational needs, both of which are necessary to counter sophisticated, automated cyberattacks. We also offer localized security for those customers who prefer to keep all of their data in private data centers. Our hardware-based NGFWs, as well as our virtual next-generation firewalls (VM-Series NGFWs), secure applications and data within data centers. Our hardware and virtual NGFWs provide our customers with visibility, control and protection to all of their cloud-based applications, regardless of where users access them. CCRF v3 applies to any cloud service provided to customers having a residence or customer address in KSA. "Cloud service" applies to software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). ### Palo Alto Networks and the CCRF v3 Below are some key provisions of CCRF v3 that may apply to organizations in KSA as they seek to leverage the benefits of the cloud, as well as a brief description of how Palo Alto Networks can assist with that journey. ***Subscriber Data Classification Responsibility (Section 3.3.4)*** Cloud computing subscribers are required to select the appropriate classification for their data that conforms with their security requirements, specific needs, obligations and duties that reflect the required level of security for the data's confidentiality, integrity and availability. The levels are shown in section 3.3.1: * Data of Saudi Government Agencies: * **Extremely Confidential:** national interests and privacy of officials and agencies. * **Confidential**: national interests or which could cause financial loss, or harm, etc. * **Restricted**: limited negative impact or damage to an entity's assets, if disclosed. * **Public**: such that it will not harm national interest, entity activity, interests of individuals or environmental resources, if disclosed. * Non-Government Data, broken into "Data Received from Saudi Government Entities," which is classified as received from the government agency based on the levels specified above, and "Other Data." **Palo Alto Networks Approach to Section 3.3.4** Palo Alto Networks supports organizations by performing deep, application-level visibility inspection, as well as Data Loss Prevention (DLP) classification to classify and protect applications and data moving to the cloud. After the data is classified, we help protect local and cloud deployed data using a set of tools that provide deep visibility, control and compliance into who is accessing the data and what they are doing with that data. Our hardware NGFWs and VM-Series NGFWs have tools, including DLP licenses, that can help classify and prevent the loss of sensitive information from an organization's network or cloud. ***Shared Responsibility Model (Section 3.3.5)*** Cloud computing subscribers shall be responsible for implementing all cybersecurity requirements that apply to any part of their content. **Palo Alto Networks Approach to Section 3.3.5** Palo Alto Networks views this provision to reflect the shared responsibility model of cloud security, specifically cloud infrastructure providers holding responsibility for securing their infrastructure, with the data owner ultimately responsible for securing their data in the cloud. Organizations using the cloud must have the right tools in place to manage and secure risks effectively. These tools can vary: * Visibility into activity within SaaS applications. * Detailed analytics on usage to prevent data risk and compliance violations. * Context-aware policy controls to drive enforcement and quarantine if violations occur. * Real time threat intelligence on known threats and detection of unknown threats to prevent new malware insertion points. Our Prisma cloud platform enables customers to detect, prevent and control SaaS applications while ensuring compliance and policy controls are applied to cloud instances. Prisma cloud also monitors workload changes and keeps track of the entire data lifecycle. ***Reporting Cybersecurity Incidents (Sections 3.3.11 - 3.3.14)*** The cloud computing service provider is required to notify its subscribers, without delay, of any cybersecurity incidents that it becomes aware of that affects or is likely to affect subscriber content, data, or any cloud computing services provided to cloud computing subscribers. **Palo Alto Networks Approach to Section 3.3.11-3.3.14** Palo Alto Networks [Unit 42 Team](https://unit42.paloaltonetworks.com/) offers cloud computing service providers, enterprise customers and commercial businesses many abilities: * **Assess** and test security controls against the right threats with Proactive Assessments and Incident Simulation Services. * **Transform**security strategy with a threat-informed approach. * **Respond**in record time with Incident Response and Digital Forensics Services. Our [Unit 42 Retainer service](https://www.paloaltonetworks.com/unit42/retainer) gives customers the ability to continuously test and plan for new threat actors and techniques while maintaining a focused and proactive approach to detecting cyber threats. ### Our Commitment to KSA Palo Alto Networks is committed to supporting organizations within KSA adhere to the CCRF. We have solutions, practices and people who work closely with our local strategic channel partners to ensure customer data is protected and in compliance with local policies. For any questions, please reach out to your [local Palo Alto Networks team](https://www.paloaltonetworks.com/about-us/locations) in Saudi Arabia or across the globe. *** ** * ** *** ## Related Blogs ### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Breaking Down the NASCIO Top 10 for 2023](https://www2.paloaltonetworks.com/blog/2023/01/nascio-top-10-for-2023/) ### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Implementing Cloud-Native Security](https://www2.paloaltonetworks.com/blog/2023/01/strategies-to-augment-cloud-native-security/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### New Grant Program Is a Game-Changer for State and Local Governments](https://www2.paloaltonetworks.com/blog/2022/09/new-cybersecurity-grant-program-is-a-game-changer/) ### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### The Federal Zero Trust Strategy](https://www2.paloaltonetworks.com/blog/2022/03/the-federal-zero-trust-strategy/) ### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Cyber Operational Collaboration Is Key for the "Next Log4j" Response](https://www2.paloaltonetworks.com/blog/2022/02/cyber-operational-collaboration/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### Bipartisan Cybersecurity Legislation --- Continuing the Progress in 2022](https://www2.paloaltonetworks.com/blog/2022/01/bipartisan-cybersecurity-policy/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language