The SAMA Sub-Controls page is the detailed control library for the SAMA Cyber Security Framework. Each row is one sub-control, mapped to its subdomain and domain, with an implementation status you maintain over time.
Seeding the reference catalogue
A new organisation starts with an empty library. Click Seed reference catalogue to populate the full set of SAMA sub-controls (around 107 across all four domains). Seeding is idempotent: it only adds controls you do not already have, so it is safe to run again after a framework update. The button reports how many were seeded and how many were already present.
Finding a control
Above the table, three filters help you narrow a large library:
- Search by control reference or title.
- Domain filter to focus on a single SAMA domain.
- Status filter (Implemented, Partial, Missing, N/A).
Implementation status
| Status | Meaning |
|---|---|
| Implemented | The control is fully in place and operating. |
| Partially implemented | Some elements are in place; work remains. |
| Not implemented | The control is not yet in place. |
| Not applicable | The control does not apply to your organisation, with a justification recorded in the notes. |
Control detail
Click a control title to open its detail page. Here you can review the domain and subdomain context and the control description, then use Edit to update:
- Implementation status
- Control type (technical, administrative, or physical)
- Implementation notes - how the control is satisfied in your environment
- Evidence notes - pointers to the supporting evidence
Editing requires the Admin role or the sama.edit permission.