To address the risks of theft or misuse of official social media accounts and to mitigate the threat of fake accounts of official organizations on social networks, Saudi Arabia's National Cybersecurity Authority introduced the Organizations’ Social Media Accounts Cybersecurity Controls (OSMACC) in 2021. These controls establish minimum cybersecurity requirements to ensure organizations can safely manage their social media presence.
The OSMACC emphasizes, "Adherence to OSMACC can only be achieved by maintaining continuous compliance with the Essential Cybersecurity Controls, as these are aligned with relevant national and international legislative and regulatory requirements."
The OSMACC includes:
3 Main Domains
12 Subdomains
15 Main Controls
38 Sub-controls
In this guide, we’ll delve into how Endpoint Central, ManageEngine's unified endpoint management and security solution, enables your organization to meet OSMACC’s requirements. Learn how aligning with these controls can strengthen your social media strategy and enhance organizational resilience.
S.No | OSMACC | How Endpoint Central helps |
2-1 | 2-1 Asset Management: To ensure that the organization has an accurate and detailed inventory of information and technology assets in order to support the organization’s cybersecurity and operational requirements to maintain the confidentiality, integrity, and availability of information and technology assets. 2-1-1 In addition to the controls within subdomain 2-1 in the ECC, cybersecurity requirements for managing information and technology assets must include at least the following: 2-1-1-1 Identifying and inventorying the organization’s social media accounts and information and technology assets related to them, and updating them at least once every year. | Endpoint Central enables admins to identify the social media apps installed on end-user devices. |
2-2 | 2-2 Identity and Access Management: To ensure the secure and restricted logical access to information and technology assets in order to prevent unauthorized access and allow only authorized access for users who are necessary to accomplish assigned tasks. 2-2-1 In addition to the subcontrols within control 2-2-3 in the ECC, cybersecurity requirements for identity and access management related to organization’s social media accounts shall include at least the following: 2-2-1-1 Using social media accounts designated for organizations, not individuals. 2-2-1-2 Registering using official information (official social media email and official mobile number), and do not use personal information. 2-2-1-3 Verifying the organization’s social media accounts whenever possible and maintaining a consistent identity across all organization’s social media accounts used. 2-2-1-4 Using a secure and specific password for each organization’s social media account, changing the password regularly. 2-2-1-5 Using multi-factor authentication for organization’s social media accounts logins. 2-2-1-6 Activating and updating security questions and documenting them in a safe place. 2-2-1-7 Managing the organization’s social media accounts access rights based on business need, considering the sensitivity of the accounts, the level of access rights, and the type of devices and systems used. 2-2-1-8 Restricting access rights of service providers of social media management, social media monitoring, or brand protection. 2-2-1-9 Restricting access to an organization’s social media accounts to specific devices. 2-2-2 With reference to ECC sub-control 2-2-3-5, user identities and access rights used for organization’s social media accounts must be reviewed at least once every year. | Endpoint Central enables admins to blocklist social media apps on devices. For access through browsers, admins can use the web filter to prevent end users from accessing social media websites. Admins can use remote wipe to wipe the social media apps if a device is lost. |
2-3 | 2-3 Information System and Processing Facilities Protection: To ensure the protection of information systems and information processing facilities (including workstations and infrastructures) against cyber risks. In addition to the sub controls in ECC control 2-3-3, cybersecurity requirements for protecting organization’s social media accounts and technology assets related to them must include at least the following: 2-3-1-1 Applying updates and security patches for social media applications at least once a month. 2-3-1-2 Reviewing configurations and hardening of the organization’s social media accounts and technology assets related to them at least once a year. 2-3-1-3 Reviewing and hardening default configurations, such as default passwords, pre-login, and lockout, for organizations' social media accounts and technology assets related to them. 2-3-1-4 Restricting the activation of features and services in social media accounts on a need basis and carrying out risk assessment if there is a need to activate it. | Endpoint Central's MDM capability lets admins streamline periodic updates for mobile apps and operating systems. Endpoint Central also has extensive passcode management capabilities so that unauthorized users cannot access the mobile devices that hold the organization's social media accounts. Admins can restrict mobile devices from connecting to public Wi-Fi networks. Alternatively, you can ensure that your device connects to your organization's Wi-Fi through certificates. Endpoint Central also enables admins to create Wi-Fi profiles for the endpoints. |
2-4 | 2-4 Mobile Devices Security: To ensure the protection of mobile devices (including laptops, smartphones, tablets) from cyber risks and to ensure the secure handling of the organization’s information (including sensitive information) while utilizing Bring Your Own Device (BYOD) policy. 2-4-1 In addition to the sub controls within control 2-6-3 in the ECC, cybersecurity requirements for mobile device security related to organization’s social media accounts must include at least the following: 2-4-1-1 Centrally manage mobile devices for organization’s social media accounts using a Mobile Device Management system (MDM). 2-4-1-2 Applying updates and security patches on mobile devices, at least once every month. | Endpoint Central's Mobile Device Management module allows admins to centrally manage mobile devices as indicated in the controls. Endpoint Central's BYOD policies ensure that personal and corporate data are separated (containerized) on end users' devices. Endpoint Central helps admins perform remote wipes to ensure corporate data security if a device is lost. Endpoint Central's MDM capability lets admins streamline periodic updates for mobile apps and operating systems. |
2-5 | 2-5 Data and Information Protection: To ensure the confidentiality, integrity, and availability of the organization’s data and information as per organizational policies and procedures, and related laws and regulations. 2-5-1 In addition to the sub-controls in ECC control 2-7-3, cybersecurity requirements for protecting and handling data and information for an organization’s social media accounts must include at least the following: 2-5-1-1 Technology assets for the management of an organization’s social media accounts must not contain classified data, per relevant regulations. | You can run the devices that hold the organization's social media accounts in kiosk mode so that they are used solely for managing social media accounts and no classified data is present on the device. |