The UAE Information Assurance Standard (IAS) Version 2.1 marks a major step forward in strengthening cybersecurity governance across government, semi-government, and regulated entities in the UAE. Released as an evolution of the earlier IA / NESA framework, IAS 2.1 introduces new security controls, enhances existing ones, and shifts organizations toward a risk-based, outcome-driven compliance model.
For organizations operating in the UAE, understanding these changes is critical to maintaining regulatory compliance, reducing cyber risk, and aligning with international best practices such as ISO/IEC 27001:2022.
For organizations operating in the UAE, understanding these changes is critical to maintaining regulatory compliance, reducing cyber risk, and aligning with international best practices such as ISO/IEC 27001:2022.
What Is New in IAS Version 2.1?
IAS Version 2.1 focuses on control effectiveness, accountability, and modern technology risks, rather than basic policy compliance.
Key themes introduced in IAS 2.1:
Risk-based control applicability
Stronger governance and management accountability
New controls for cloud and third-party security
Measurable cybersecurity performance
Alignment with global information security standards
New Controls Introduced in IAS Version 2.1
The following controls did not exist in UAE IA v1.1 and are newly introduced in IAS Version 2.1. These controls represent key maturity upgrades aligned with ISO/IEC 27001:2022 and modern cybersecurity practices.
Information Security in Project Management
Management Review
Information Deletion
Security of User Endpoint Devices
Threat Intelligence
Data at Rest and in Motion
Cryptographic Requirements in Post-Quantum
Web Filtering
Third-Party Risk Management
Secure System Engineering Principles
Secure Coding
Is Your Organization Exposed to IAS 2.1 Compliance Risk?
Your organization may be non-compliant with IAS Version 2.1 if:
Newly introduced controls have not been implemented
Existing controls lack measurable effectiveness and audit evidence
Cloud services and third-party risks are not formally managed
Senior management cybersecurity oversight is not documented
Endpoint and remote work security controls are insufficient
This is why conducting a formal IAS 2.1 Gap Assessment is now critical.
IAS 2.1 Consulting Services by MAST Consulting Group
MAST Consulting Group helps UAE organizations achieve IAS 2.1 compliance with confidence — without unnecessary complexity.
Our UAE IAS Services Include:
IAS 2.1 gap assessment (new & changed controls)
Policy and procedure development
Risk-based control implementation
Cloud & third-party security governance
Audit and regulator readiness
Alignment with ISO/IEC 27001:2022
We focus on practical, auditable, and regulator-approved compliance.
