• Nation First: All engagements must advance the national interest and contribute to strengthening cyber resilience.

• Transparency: Engagements shall be conducted openly with clear scope, documentation, and oversight.

• Neutrality: NCSA maintains impartiality and avoids favoritism toward vendors, auditors, or managed service providers under its regulatory oversight.

• Integrity: All partnerships will adhere to confidentiality, accountability, and ethical conduct.

• Flexibility: NCSA retains the right to revise or amend this Framework as necessary to adapt to evolving national and international conditions.

Nurture – Collaborate – Secure – Adapt

• Government Entities: Support in cybersecurity initiatives, technology advancement, tool sharing, and development within available resources.

• Higher Education: Recognition of cybersecurity components in academic programs; support for teaching, curriculum alignment, and joint research.

• Research and Development (R&D): Collaborative projects advancing AI, secure software development, and cyber resilience technologies.

• Capacity Building: Knowledge-sharing, training, and workforce development.

• NGOs, Media, and Non-Profit Institutes: Partnerships in awareness campaigns and national education initiatives.

• International Bodies: Bilateral and multilateral cooperation in line with regional and global best practices.

NCSA formally recognizes the following cybersecurity certifications as benchmarks of professional competence:

• I. CompTIA Security+

• II. CompTIA CySA+ (Cybersecurity Analyst)

• III. CompTIA CASP+ (Advanced Security Practitioner)

• IV. GIAC Security Essentials (GSEC)

• V. Certified Ethical Hacker (CEH)

• VI. Certified Information Systems Security Professional (CISSP)

• VII. Certified Information Security Manager (CISM)

• VIII. Certified Cloud Security Professional (CCSP)

• IX. Certified Information Systems Auditor (CISA)

• X. Certified Chief Information Security Officer (CCISO)

• XI. Certified in the Governance of Enterprise IT (CGEIT)

• XII. Certified in Risk and Information Systems Control (CRISC)

• NCSA does not assume the functions of the national technology body in providing commercial software, applications, or IT solutions, except where explicitly mandated by law or where cybersecurity oversight requires such action.

• Engagements with private entities shall not create obligations or endorsements that compromise NCSA’s regulatory neutrality.

• Vendor participation in NCSA activities is limited to Corporate Social Responsibility (CSR) contributions, accepted solely for public-benefit purposes, such as: • Awareness events and national capacity-building programs. • Public-interest programs requiring sustainable financing (e.g., national bug bounty schemes).

• Acceptance of CSR contributions does not constitute endorsement or preference in regulatory or procurement contexts.

• NCSA reserves the right, in matters of national sovereignty, to prioritize local-first policies where it serves a clear government advantage in safeguarding national security.

Any Memorandum of Understanding (MoU) that exercise this framework for collaboration entered by NCSA shall include, at minimum, the following standard clause and any one of the benefit clause:

**6.1 Standard Clauses**

• 1. Alignment Clause: Activities must align with the National Cyber Security Strategy.

• 2. Transparency Clause: All engagements will be documented and subject to oversight.

• 3. Scope of Work Clause: Clearly define objectives, deliverables, and timelines.

• 4. Neutrality Clause: NCSA does not endorse or favour any vendor or commercial entity.

• 5. Confidentiality Clause: Sensitive information shall be protected under agreed protocols.

• 6. Review & Reporting Clause: Engagements will be subject to review, reporting, and outcome assessments.

• 7. Amendment Clause: NCSA reserves the right to amend the Framework or any MoU in line with evolving requirements.

• 8. Termination Clause: Agreements may be terminated under defined conditions, ensuring continuity of public trust.

**6.2 Benefit Clauses**

• 1. Capacity Building Clause: Collaborations should contribute to national skill development or knowledge sharing.

• 2. Research & Development Clause: Partnerships should advance innovation in cybersecurity and AI.

This Framework supports the Maldives National Cyber Security Strategy pillars:

• Governance & Policy – Ensuring clarity and accountability.

• Public & Private Interests – Balancing national priorities with collaborative opportunities.

• Cyber Defence & Resilience – Strengthening preparedness through joint R&D.

• Awareness & Education – Enhancing public knowledge and capacity.

• International Partnerships & Regional Leadership – Positioning Maldives as a trusted global partner.

• Collaborations will be measured against national cybersecurity performance indicators, including improvements in the ITU Cybersecurity Index, reduction of incidents, and increased public trust.

• Annual reports will summarize key outcomes and demonstrate transparency.

• NCSA retains the right to review, adjust, or discontinue collaborations in the national interest.

This Framework ensures that NCSA’s collaborations foster innovation, education, and national advancement while maintaining impartiality, legal defensibility, and transparency. It positions the Agency as an enabler of progress, while protecting its role as a neutral and sovereign regulator.

Together, we nurture, collaborate, secure, and adapt — always putting the nation first.