Control Mappings
A live mapping table linking SMB1001 controls to Abilay's policies, procedures, and guidelines — turning a complex cyber standard into a practical, easy-to-navigate reference.
SMB1001 levels are cumulative: a control shown from Level 1 also applies at higher levels.
| Control ID Applies from | Requirement | P01 P | P02 P | P03 P | PR01 P | PR02 P | PR03 P | G01 G | G02 G | G03 G |
|---|---|---|---|---|---|---|---|---|---|---|
| ▼ Technology Management 6 controls | ||||||||||
1.1.0.0/1.1.1.0 From SMB1001 Level 1 | Engage technical support specialist | ◑ | · | · | · | ● | · | · | · | · |
1.2.0.0 From SMB1001 Level 1 | Install and configure a firewall | ◑ | · | · | · | · | · | ● | · | · |
1.3.0.0 From SMB1001 Level 1 | Install anti-virus software | ◑ | · | · | · | · | · | ● | · | · |
1.4.0.0 From SMB1001 Level 1 | Auto-install software updates & patches | ◑ | · | · | · | · | · | ● | · | · |
1.5.0.0 From SMB1001 Level 2 | Install TLS certificates on public-facing sites | ◑ | · | · | · | · | · | ● | · | · |
1.6.0.0 From SMB1001 Level 3 | Ensure all servers updated and patched | ◑ | · | · | · | ● | · | ◑ | · | · |
| ▼ Access Management 7 controls | ||||||||||
2.1.0.0 From SMB1001 Level 1 | Change passwords routinely | ◑ | · | · | · | · | ● | · | ◑ | · |
2.2.0.0 From SMB1001 Level 2 | No admin privileges on standard employee accounts | ◑ | · | · | · | · | ● | · | · | · |
2.3.0.0 From SMB1001 Level 2 | Individual user accounts for all employees | ◑ | · | · | · | · | ● | · | · | · |
2.4.0.0/2.4.1.0 From SMB1001 Level 2 | Implement a password manager | ◑ | · | · | · | · | ● | · | ◑ | · |
2.5.0.0/2.5.1.0 From SMB1001 Level 2 | MFA on all employee email accounts | ◑ | · | · | · | · | ◑ | · | ● | · |
2.6.0.0/2.6.1.0 From SMB1001 Level 3 | MFA on business apps & social media accounts | ◑ | · | · | · | · | · | · | ● | · |
2.7.0.0 From SMB1001 Level 3 | RDP connections only over VPN | ◑ | · | · | · | · | · | · | ● | · |
| ▼ Backup & Recovery 1 control | ||||||||||
3.1.0.0/3.1.1.0 From SMB1001 Level 1 | Backup and recovery strategy | · | · | ◑ | ● | · | · | · | · | · |
| ▼ Policies, Processes & Plans 8 controls | ||||||||||
4.1.0.0 From SMB1001 Level 2 | Confidentiality agreement for all employees | ● | · | · | · | · | · | · | · | · |
4.2.0.0 From SMB1001 Level 2 | Policy to manage invoice fraud | · | ● | · | · | · | · | · | · | · |
4.3.0.0 From SMB1001 Level 2 | Implement a visitor register | ● | · | · | · | · | · | · | · | · |
4.4.0.0 From SMB1001 Level 3 | Implement a cybersecurity policy | ● | · | · | · | · | · | · | · | · |
4.5.0.0/4.5.1.0 From SMB1001 Level 3 | Implement a cyber incident response plan | · | · | ● | · | · | · | · | · | · |
4.6.0.0 From SMB1001 Level 3 | Secure physical document destruction | ● | · | · | · | · | · | · | · | · |
4.7.0.0 From SMB1001 Level 3 | Secure device disposal | ● | · | · | · | ◑ | · | · | · | · |
4.8.0.0/4.8.1.0 From SMB1001 Level 3 | Implement and maintain a digital asset register | ◑ | · | · | · | ● | · | · | · | · |
| ▼ Education & Training 1 control | ||||||||||
5.1.0.0/5.1.1.0 From SMB1001 Level 3 | Cybersecurity awareness training | ● | · | · | · | · | · | · | · | ● |
Why this mapping matters
The mapping table shows, at a glance, which document supports each SMB1001 requirement, who owns it, and where it sits in your governance framework. This clarity reduces duplication, removes guesswork, and ensures there are no gaps between what SMB1001 asks for and how your business operates in practice.
Support for assurance and audits
By consolidating this information, the table provides a single source of truth for internal reviews, external audits, and certification activities. Auditors and stakeholders can quickly trace each control through to the underlying evidence, making assessments faster, more consistent, and easier to repeat over time.
Enabling continuous improvement
As Abilay's policies evolve with each iteration of SMB1001, the mapping table helps you understand the impact of change across the standard. This structured view supports a deliberate roadmap from baseline compliance to higher levels of maturity, resilience, and customer trust.