The SACS-002 (CCC) is split into two main sections: the General Requirements and the Specific Requirements.
The General Requirements apply to ALL Third Parties working with Saudi Aramco. They consist of 3 main clauses, 7 sub-clauses, and 24 controls.
The Specific Requirements apply to Third Parties that provide ICT-oriented services as defined by Saudi Aramco. These requirements consist of 4 main clauses, 13 sub-clauses, and 62 controls, and must be met in addition to the 24 controls specified under the General Requirements.
The SACS-002 Third Party Cybersecurity Standard (CCC) is derived mainly from the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Therefore, if you are already implementing NIST CSF in your organization, you are more than likely already meeting most of the SACS-002 (CCC) requirements.