Skip to main content

SAMA controllers

Trio articles

SAMA from our side only handle the ( 3.3: Cyber Security Operations and Technology )

New Version will handle 27 Controls

Control Check: Check the control from back-end stored data. {Back-End stored data will be updated hourly from agents}

Evidence: is the result of control test in case of pass or failed which can be collected when its faild and after remediation will pass.

  • 3.3.1: Human Resources (Category)

  • 3.3.1.3.e: Post-Employment as Off-Boarding -> (1/1) Control-Check

  • 3.3.1.3.e.1: Revoking Access Rights -> Pass

  • 3.3.3: Asset Management (Category)

  • 3.3.3.3 Asset Management Process (5/5) Control Check

  • 3.3.3.3.a: Unified Register System -> Pass

  • 3.3.3.3.b: Ownership and Custodian of Information Asset -> Pass

  • 3.3.3.3.c: The Reference to Relevant other process, depending on asset management -> Pass

  • 3.3.3.3.d: information asset classification -> Pass

  • 3.3.3.3.e: Discovery new assets -> Pass

  • 3.3.5: Identity and Access Management (Category)

  • 3.3.5.4: Identity and Access Management Policy (12/12) Control Check

  • 3.3.5.4.b.1: Covering User Types -> Pass

  • 3.3.5.4.c: User Access Management Automation -> Pass

  • 3.3.5.4.d: Centralized Identity and Access Management -> Pass

  • 3.3.5.4.e: MFA for System and Profiles -> Pass

  • 3.3.5.4.f: Privileged & Remote Access Management -> Pass

  • 3.3.5.4.f.1.a: MFA for All Remote Access -> Pass

  • 3.3.5.4.f.1.b: MFA for Access based on Risk Assessment -> Pass

  • 3.3.5.4.f.3: Individual Accountability -> Pass

  • 3.3.5.4.f.4: Non-Personal Privilege -> Pass

  • 3.3.5.4.f.4.1: Limitation & Monitoring -> Pass

  • 3.3.5.4.f.4.2: Confidentiality of Passwords -> Pass

  • 3.3.5.4.f.4.3: Changing Password Frequently -> Password Policy must be applied

  • 3.3.6: Application Security (Category)

  • 3.3.6.5: Application Security Standards (2/2) Control Check

  • 3.3.6.5.b: Cyber Security Controls Implementation for Application Security

  • 3.3.6.5.e: Vulnerability and Patch Management

  • 3.3.10: BYOD (Category)

  • 3.3.10.4: BYOD Standards (4/4)

  • 3.3.10.4.b: Restriction on Loss Personal Device -> Pass

  • 3.3.10.4.c: Corporate environment separation from Personal -> Pass

  • 3.3.10.4.d: Approved Public Apps -> App Policy must be applied

  • 3.3.10.4.e: MDM Solution Enabled -> Pass

  • 3.3.16: Threat Management (Category)

  • 3.3.16.3: Threat Intelligence Management (1/1) Control Check

  • 3.3.16.3.a: Policy, Compliance -> Pass

  • 3.3.17: Vulnerability Management (Category)

  • 3.3.17.2: Vulnerability Measure and Monitor -> (2/2) Control Check

  • 3.3.17.2.b: Vulnerability Scan -> Pass

  • 3.3.17.2.f: Patch Management -> Pass

Related Articles
Add New Admin
Implementing SAMA Compliance for Endpoints with Trio — Technical Overview
Implementing NCA Compliance for Endpoints with Trio — Technical Brief
IT admins in Trio MSP
Asset management in Trio
Did this answer your question?