Skip to main content
Home · Standards · Central Bank of UAE IT and Cybersecurity Standards
Standard · CBUAE Cybersecurity

Central Bank of UAE IT and Cybersecurity Standards

The Central Bank of UAE (CBUAE) issues IT and cybersecurity standards for licensed financial institutions in the UAE — the Banking Standards, the IT Risk Management Standards, and the Cybersecurity Standards. For ITAD specifically, CBUAE expectations align with the UAE PDPL framework but add banking-specific operational discipline. Maxicom UAE engagements with CBUAE-licensed banks are structured to satisfy CBUAE in admissible form for CBUAE inspection.

CBUAE scope

CBUAE supervises ~50 banks operating in the UAE (national banks, foreign branch banks, Islamic banks, finance companies, exchange houses). All operate to CBUAE IT and cybersecurity standards. Branch network refresh cycles produce predictable retiring volumes.

Banking Standards — IT asset management

CBUAE Banking Standards include IT asset management expectations parallel to CBUAE and NESA frameworks. Per-asset inventory at retirement, sanitisation matched to classification, per-asset certificate, retention 8+ years.

UAE bank engagement profile

Tier-1 UAE banks (FAB, ENBD, ADCB, DIB, ADIB, Mashreq) refresh on 3-5 year cycles across multi-emirate branch networks. Engagement model: programme-level master service agreements, NDA-bound, witness destruction standard for top-classified.

Regulator & standards stack — UAEEvery Maxicom certificate is admissible against the full UAE stackUNIVERSALNIST SP 800-88 Rev. 1 · IEEE 2883-2022 · DoD 5220.22-M · documented chain-of-custody🇦🇪 UNITED ARAB EMIRATES · AEDPrivacy: UAE PDPL · DIFC DPL · ADGM Data ProtectionCyber / sector: CBUAE · NESA · TDRASettlement in AED · admissible at UAE audit
Reviewed by the Maxicom compliance desk. Last updated April 2026.
Operates to NIST 800-88 · UAE PDPL · IEEE 2883-2022
References

Authoritative references

Primary sources for the standards and frameworks referenced on this page. Maxicom maps every engagement to these recognised authorities.

Frequently asked questions

Frequently asked questions

Are Maxicom certificates CBUAE-inspection-acceptable?

Yes. Per-asset detail, NIST SP 800-88 / IEEE 2883 method citation, chain-of-custody reference, operator + witness signatures.

Does CBUAE directly regulate Maxicom?

No — CBUAE regulates the bank; Maxicom is the disposition vendor. CBUAE has audit-of-vendor rights through the bank contract.

What about Islamic banks — different requirements?

CBUAE applies the same IT and cybersecurity standards to conventional and Islamic banks. Sharia-compliance review of refurb-resale routing is occasionally required and accommodated.

When you are ready

Send the asset list. We will send the number.

A photograph of the rack works. A spreadsheet works better. AED settlement, against PO.

sales@maxicom.ae · per engagement SLA