IAM Compliance Score
62
%
Needs Improvement
Target: ≥ 85% for SAMA CSF compliance
Critical Findings
23
Immediate action required
High Risk
47
Remediate within 7 days
Medium Risk
89
Remediate within 30 days
Low Risk
34
Schedule for next cycle
FINDINGS BY AUDIT CHECK
Violations per check category
RISK DISTRIBUTION BY DEPARTMENT
Findings breakdown per business unit
SYSTEM RISK EXPOSURE
Critical & high findings per system
Audit Checks — Click to View Findings
CHECK 01
Dormant Accounts
No login in 90+ days
ISO A.9.2.5
SAMA AC-3
NCA IAM-3
38
Findings
6
Critical Systems
CHECK 02
Orphaned Accounts
Terminated employees with active access
ISO A.9.2.6
SAMA AC-2
NCA IAM-2
23
Findings
3
Depts Affected
CHECK 03
Privileged Account Monitoring
Admin accounts without MFA / overdue reviews
ISO A.9.4.4
SAMA AC-6
NCA IAM-5
14
PAM Violations
9
No MFA
CHECK 04
Segregation of Duties Violations
Conflicting role combinations detected
ISO A.9.2.3
SAMA AC-5
NCA IAM-4
11
SoD Conflicts
3
Conflict Types
CHECK 05
Excessive Permissions
Least privilege principle violations
ISO A.9.2.2
SAMA AC-6
NCA IAM-3
31
Findings
5
Systems Affected
CHECK 06
JML Process Compliance
Joiner, Mover & Leaver lifecycle gaps
ISO A.9.2.1
SAMA AC-2
NCA IAM-1
42
JML Gaps
J:12 M:8 L:22
J/M/L Split
CHECK 07
Failed Login Anomalies (Brute Force Detection)
Accounts with 5+ failed attempts in 24h — external IPs flagged
ISO A.9.4.2
SAMA SI-3
NCA IAM-6
44
Anomaly Events
7
External IP Attacks
2
Potential Breaches
Control Framework Mapping
ISO 27001 — Annex A.9
A.9.2.1User registration & deregistration
A.9.2.2User access provisioning
A.9.2.3Management of privileged rights
A.9.2.5Review of user access rights
A.9.2.6Removal of access rights
A.9.4.2Secure log-on procedures
A.9.4.4Use of privileged utility programs
SAMA CSF — Access Control
AC-2Account management
AC-3Access enforcement
AC-5Separation of duties
AC-6Least privilege
SI-3Malicious code protection
NCA ECC — IAM Domain
IAM-1Identity lifecycle management
IAM-2Access provisioning & deprovisioning
IAM-3Privileged access management
IAM-4Segregation of duties
IAM-5Privileged account controls
IAM-6Authentication & access logging
Non-Compliant — Active Findings
Partially Compliant
Compliant