Control Mappings
A live mapping table linking SMB1001 controls to Abilay's policies, procedures, and guidelines — turning a complex cyber standard into a practical, easy-to-navigate reference.
| Control ID | Requirement | P01 P | P02 P | P03 P | PR01 P | PR02 P | PR03 P | G01 G | G02 G | G03 G |
|---|---|---|---|---|---|---|---|---|---|---|
| Technology Management (6 controls) | | | | | | | | | | |
| 1.1.0.0/1.1.1.0 L1/4 | Engage technical support specialist | ◑ | · | · | · | ● | · | · | · | · |
| 1.2.0.0 L1 | Install and configure a firewall | ◑ | · | · | · | · | · | ● | · | · |
| 1.3.0.0 L1 | Install anti-virus software | ◑ | · | · | · | · | · | ● | · | · |
| 1.4.0.0 L1 | Auto-install software updates & patches | ◑ | · | · | · | · | · | ● | · | · |
| 1.5.0.0 L2 | Install TLS certificates on public-facing sites | ◑ | · | · | · | · | · | ● | · | · |
| 1.6.0.0 L3 | Ensure all servers updated and patched | ◑ | · | · | · | ● | · | ◑ | · | · |
| Access Management (7 controls) | | | | | | | | | | |
| 2.1.0.0 L1 | Change passwords routinely | ◑ | · | · | · | · | ● | · | ◑ | · |
| 2.2.0.0 L2 | No admin privileges on standard employee accounts | ◑ | · | · | · | · | ● | · | · | · |
| 2.3.0.0 L2 | Individual user accounts for all employees | ◑ | · | · | · | · | ● | · | · | · |
| 2.4.0.0/2.4.1.0 L2/3 | Implement a password manager | ◑ | · | · | · | · | ● | · | ◑ | · |
| 2.5.0.0/2.5.1.0 L2/4 | MFA on all employee email accounts | ◑ | · | · | · | · | ◑ | · | ● | · |
| 2.6.0.0/2.6.1.0 L3/5 | MFA on business apps & social media accounts | ◑ | · | · | · | · | · | · | ● | · |
| 2.7.0.0 L3 | RDP connections only over VPN | ◑ | · | · | · | · | · | · | ● | · |
| Backup & Recovery (1 control) | | | | | | | | | | |
| 3.1.0.0/3.1.1.0 L1/4 | Backup and recovery strategy | · | · | ◑ | ● | · | · | · | · | · |
| Policies, Processes & Plans (8 controls) | | | | | | | | | | |
| 4.1.0.0 L2 | Confidentiality agreement for all employees | ● | · | · | · | · | · | · | · | · |
| 4.2.0.0 L2 | Policy to manage invoice fraud | · | ● | · | · | · | · | · | · | · |
| 4.3.0.0 L2 | Implement a visitor register | ● | · | · | · | · | · | · | · | · |
| 4.4.0.0 L3 | Implement a cybersecurity policy | ● | · | · | · | · | · | · | · | · |
| 4.5.0.0/4.5.1.0 L3/5 | Implement a cyber incident response plan | · | · | ● | · | · | · | · | · | · |
| 4.6.0.0 L3 | Secure physical document destruction | ● | · | · | · | · | · | · | · | · |
| 4.7.0.0 L3 | Secure device disposal | ● | · | · | · | ◑ | · | · | · | · |
| 4.8.0.0/4.8.1.0 L3/5 | Implement and maintain a digital asset register | ◑ | · | · | · | ● | · | · | · | · |
| Education & Training (1 control) | | | | | | | | | | |
| 5.1.0.0/5.1.1.0 L3/5 | Cybersecurity awareness training | ● | · | · | · | · | · | · | · | ● |

Why this mapping matters
The mapping table shows, at a glance, which document supports each SMB1001 requirement, who owns it, and where it sits in your governance framework. This clarity reduces duplication, removes guesswork, and ensures there are no gaps between what SMB1001 asks for and how your business operates in practice.
Support for assurance and audits
By consolidating this information, the table provides a single source of truth for internal reviews, external audits, and certification activities. Auditors and stakeholders can quickly trace each control through to the underlying evidence, making assessments faster, more consistent, and easier to repeat over time.
Enabling continuous improvement
As Abilay's policies evolve with each iteration of SMB1001, the mapping table helps you understand the impact of change across the standard. This structured view supports a deliberate roadmap from baseline compliance to higher levels of maturity, resilience, and customer trust.