Control Mappings
A live mapping table linking SMB1001 controls to Abilay's policies, procedures, and guidelines — turning a complex cyber standard into a practical, easy-to-navigate reference.
SMB1001 levels are cumulative: a control shown from Level 1 also applies at higher levels.
| Control ID / Applies from | Requirement | P01 P | P02 P | P03 P | P04 P | P05 P | P06 P | PR01 P | PR02 P | PR03 P | PR05 P | G01 G | G02 G | G03 G |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Technology Management (7 controls) | | | | | | | | | | | | | | |
| 1.1.0.0 / 1.1.1.0 From SMB1001 Level 1 | Engage technical support specialist for your organisation | ◑ | · | · | · | · | · | · | ◑ | · | · | · | · | · |
| 1.2.0.1 From SMB1001 Level 1 | Install and configure a firewall | ◑ | · | · | · | · | · | · | · | · | · | ● | · | · |
| 1.3.0.1 From SMB1001 Level 1 | Install anti-virus software on all organisation devices | ◑ | · | · | · | · | · | · | · | · | · | ● | · | · |
| 1.4.0.0 From SMB1001 Level 1 | Auto-install tested and approved software updates & patches | ◑ | · | · | · | · | · | · | · | · | · | ● | · | · |
| 1.5.0.0 From SMB1001 Level 2 | Install TLS certificates on all public internet-facing websites | ◑ | · | · | · | · | · | · | · | · | · | ● | · | · |
| 1.6.0.1 From SMB1001 Level 2 | Ensure all servers are updated and patched | ◑ | · | · | · | · | · | · | ◑ | · | · | · | · | · |
| 1.12.0.0 / 1.12.1.0 From SMB1001 Level 3 | Implement Endpoint Detection and Response (EDR / MDR) | ◑ | · | · | · | · | · | · | · | · | · | ◑ | · | · |
| Access Management (8 controls) | | | | | | | | | | | | | | |
| 2.1.0.1 From SMB1001 Level 1 | Ensure strong password hygiene is maintained | ◑ | · | · | · | · | · | · | · | ◑ | · | · | ◑ | · |
| 2.2.0.0 From SMB1001 Level 2 | Ensure employee accounts do not have administrative privileges | ◑ | · | · | · | · | · | · | · | ● | · | · | ◑ | · |
| 2.3.0.0 From SMB1001 Level 2 | Ensure employees have individual user accounts | ◑ | · | · | · | · | · | · | · | ● | · | · | · | · |
| 2.4.0.1 / 2.4.1.1 From SMB1001 Level 2 | Implement a password manager system | ◑ | · | · | · | · | · | · | · | ◑ | · | · | ◑ | · |
| 2.5.0.0 / 2.5.1.0 From SMB1001 Level 2 | Multi-factor authentication (MFA) on all employee email accounts | ◑ | · | · | · | · | · | · | · | · | · | · | ● | · |
| 2.6.0.0 / 2.6.1.0 From SMB1001 Level 3 | MFA on all business applications and social media accounts | ◑ | · | · | · | · | · | · | · | · | · | · | ● | · |
| 2.7.0.1 From SMB1001 Level 3 | Ensure RDP connections only occur over VPN connections | ◑ | · | · | · | · | · | · | · | · | · | · | ● | · |
| 2.12.0.0 / 2.12.1.0 From SMB1001 Level 2 | Email Authentication and Anti-Spoofing (SPF / DKIM / DMARC) | ◑ | · | · | · | · | · | · | · | · | · | · | ● | · |
| Backup & Recovery (2 controls) | | | | | | | | | | | | | | |
| 3.1.0.1 / 3.1.1.1 From SMB1001 Level 1 | Implement a backup and recovery strategy for important digital assets | ◑ | · | · | · | · | · | ● | · | · | · | · | · | · |
| 3.2.0.0 From SMB1001 Level 3 | Purchase and maintain business or cyber insurance | ◑ | · | · | ● | · | · | · | · | · | · | · | · | · |
| Policies, Processes & Plans (9 controls) | | | | | | | | | | | | | | |
| 4.1.0.1 From SMB1001 Level 2 | Confidentiality agreement for all employees and contractors | ◑ | · | · | · | ● | · | · | · | · | · | · | · | · |
| 4.2.0.1 From SMB1001 Level 2 | Implement a policy with procedures to manage Invoice Fraud | ◑ | ● | · | · | · | · | · | · | · | · | · | · | · |
| 4.3.0.0 From SMB1001 Level 2 | Implement a visitor register | ◑ | · | · | · | · | · | · | · | · | ● | · | · | · |
| 4.4.0.0 From SMB1001 Level 3 | Implement a cyber security policy | ● | · | · | · | · | · | · | · | · | · | · | · | · |
| 4.5.0.0 / 4.5.1.0 From SMB1001 Level 3 | Implement a response plan for cyber-related incidents | ◑ | · | ● | · | · | · | · | · | · | · | · | · | · |
| 4.6.0.0 From SMB1001 Level 3 | Utilise secure methods of physical document destruction | ◑ | · | · | · | · | · | · | · | · | · | · | · | · |
| 4.7.0.0 From SMB1001 Level 3 | Ensure all computer devices storing sensitive data are disposed of securely | ◑ | · | · | · | · | · | · | ● | · | · | · | · | · |
| 4.8.0.0 / 4.8.1.0 From SMB1001 Level 3 | Implement and maintain a digital asset register | ◑ | · | · | · | · | · | · | ● | · | · | · | · | · |
| 4.11.0.0 From SMB1001 Level 3 | Implement a policy for the responsible and secure use of AI technology | ◑ | · | · | · | · | ● | · | · | · | · | · | · | · |
| Education & Training (1 control) | | | | | | | | | | | | | | |
| 5.1.0.0 / 5.1.1.0 From SMB1001 Level 1 | Conduct cyber security awareness training for all employees | ◑ | · | · | · | · | · | · | ◑ | · | · | · | · | ● |
Why this mapping matters
The mapping table shows, at a glance, which document supports each SMB1001 requirement, who owns it, and where it sits in your governance framework. This clarity reduces duplication, removes guesswork, and ensures there are no gaps between what SMB1001 asks for and how your business operates in practice.
Support for assurance and audits
By consolidating this information, the table provides a single source of truth for internal reviews, external audits, and certification activities. Auditors and stakeholders can quickly trace each control through to the underlying evidence, making assessments faster, more consistent, and easier to repeat over time.
Enabling continuous improvement
As Abilay's policies evolve with each iteration of SMB1001, the mapping table helps you understand the impact of change across the standard. This structured view supports a deliberate roadmap from baseline compliance to higher levels of maturity, resilience, and customer trust.
