Kotak-Securities-logo-white

Sectona at Infosecurity Europe 2025 | June 3–5 | ExCeL London

Stop by our booth (Stand C 95) for live demo of Sectona’s Modern Infrastructure Access Platform

Learn More
Learn More
Chat with Sales
Partners

Chat with Sales

Sectona-Logo-Inverse-white
Sectona-Logo-Inverse-white
Request Demo
/ Solutions / By Compliance / SAMA

Leverage Sectona to Address Privileged Access Controls as per SAMA Guidelines

Strengthening Saudi Arabia’s financial sector through a unified cybersecurity framework ensuring resilience and risk mitigation.

Overview

With rapidly evolving technology and the growing threat of cyberattacks, the Kingdom of Saudi Arabia has taken a proactive stance in strengthening the protection of sensitive data, transactions, and public confidence in its financial sector. In May 2017, the Saudi Arabian Monetary Authority (SAMA) introduced the Cyber Security Framework to help organisations effectively identify and mitigate cyber risks.

The primary objective of the SAMA Cyber Security Framework is to establish a unified approach to cybersecurity, ensuring that member organisations achieve an appropriate level of maturity in their security controls and manage cyber risks effectively across all operations. The framework clearly defines cybersecurity principles and objectives, structured across key domains – Leadership and Governance, Risk Management and Compliance, Operations and Technology, and Third-Party Management.

Within these domains, we have highlighted specific clauses related to Privileged Access Management (PAM).

Focus Points

Clause 3.3.5.4a
Business Requirement
Granting access control only on need-to-have and need-to-know basis.

Clause 3.3.5.4b
User Access Management
Identifying user types across internal staff and third-parties, processing access rights, and periodically reviewing them.

Clause 3.3.16
Threat Management
An approved and well-defined process to identify threats, take appropriate action, and review it regularly.

Clause 3.3.5.4f
Privileged and Remote Access Management
Allocation and restricted use of privileged and remote access, enforcing multi-factor authentication (MFA) as an additional layer of security, and ensuring individual accountability.

Clause 3.3.5.4f.4
Non-Personal Privileged Accounts
Managing the use of non-personal privileged accounts by enforcing restrictions and monitoring, ensuring password confidentiality, and requiring frequent password changes, including after each session.


Clause 3.3.5.4e
Multi-Factor Authentication
Prevent compromise of sensitive and critical systems and profiles.

Related Resources
Solution Briefs
Guide to ISO/IEC 27001:2022 – Requirement Mapping for PAM and EPM Compliance
Read More
Solution Briefs
Feature Mapping: HIPAA Compliance Guidelines and Sectona Platform
Read More
Solution Briefs
Feature Mapping: RBI Cyber Security Framework and Sectona Platform
Read More
Solution

The Sectona PAM solution is a modern and next-generation platform that integrates multiple capabilities, including password management, MFA, session recording, and threat analytics. Designed to align with customers’ governance and compliance requirements, it enables organisations to achieve regulatory compliance with confidence. The following use cases demonstrate how Sectona aligns with the SAMA Cyber Security Framework.

Clause

Clause 3.3.5.4a

Control

Business Requirement
Granting access control only on need-to-have and need-to-know basis.

How Can Sectona Help?

  • Works on micro-services architecture, embedding all components into web console, controlled via central management console.
  • Allows users to take access from any OS, HTML5 supported browser without the need of plugins.
  • Enforces access policies on a granular scale for a password-less transparent access.
  • Eases discovery of assets and accounts across infrastructure with schedulers and automated onboarding.

Clause

Clause 3.3.5.4b and 3.3.5.4f.4

Control

User Access Management
Identifying user types across internal staff and third-parties, processing access rights, and periodically reviewing them.

Non-Personal Privileged Accounts
Managing the use of non-personal privileged accounts by enforcing restrictions and monitoring, ensuring password confidentiality, and requiring frequent password changes, including after each session.

How Can Sectona Help?

  • Ensures seamless access provisioning through tight Integration with the Active Directory.
  • Enables validation and approval of changes to user roles by authorised personnel through maker-checker facility.
  • Automates access provisioning to users with attribute-based grouping, based on their roles and user bands.
  • Enables administrators to monitor live sessions and terminate them with complete audit.
  • Facilitates complete management of passwords including rotation, verification, and reconciliation, through password vault.
  • Allows users to define the frequency and complexity for password change.

Clause

Clause 3.3.5.4f

Control

Privileged and Remote Access Management
Allocation and restricted use of privileged and remote access, enforcing multi-factor authentication (MFA) as an additional layer of security, and ensuring individual accountability.

How Can Sectona Help?

  • Enables VPN-less workflow-based access for outsourced activities, granting access through MFA upon approval.
  • Ensures individual accountability by securely collaborating with third-party users and vendors for privilege access on critical systems.
  • Enforces browser-based access to the non-personal privileged account for true session isolation and periodic monitoring.

Clause

Clause 3.3.5.4e

Control

Multi-Factor Authentication
Prevent compromise of sensitive and critical systems and profiles.

How Can Sectona Help?

  • Ensures extra security by being readily available to integrate with MFA providers like Okta, RSA, OneLogin, or Google Authenticator.
  • Facilitates in-built proprietary mobile OTP, push authentication, SMS, or email options for MFA.
  • Enforces adaptive MFA that assesses user access risk based on time, location, and device attributes.

Clause

Clause 3.3.16

Control

Threat Management
An approved and well-defined process to identify threats, take appropriate action, and review it regularly.

How Can Sectona Help?

  • Captures logs of all activities and events in both command and video formats across all privileged sessions.
  • Calculates a composite risk score based on pre-determined criteria for activities across each privileged session. Based on the level of criticality, remediation action can be taken.
Related Resources
Solution Briefs
Guide to ISO/IEC 27001:2022 – Requirement Mapping for PAM and EPM Compliance
Read More
Solution Briefs
Feature Mapping: HIPAA Compliance Guidelines and Sectona Platform
Read More
Solution Briefs
Feature Mapping: RBI Cyber Security Framework and Sectona Platform
Read More

Deploy Fast, Run without Disruption

Sectona provides a platform that is easy to deploy, use, and maintain. Updates take minimal downtime, do not require identity-specialist skills, and keep your business running without interruptions.

Download Whitepaper

2x

Faster go to market times for customers

3x

More scalable than traditional solutions

Customer Success Stories

Liva-Group-Thumbnail1
Customer Stories

Liva Group Strengthens Security and Compliance through Multi-Cloud Expansion with Sectona PAM

Read More
Alizz-Islamic-Bank-Thumbnail1
Customer Stories

Alizz Islamic Bank Transforms Access Management at Scale and Reinforces Enterprise Security with Sectona

Read More
GT-Bank
Customer Stories

Guaranty Trust Bank Sets up a Comprehensive Privileged Access Management Framework with Sectona

Read More
Yotta-Thumbnail
Customer Stories

Yotta Leverages Sectona’s Privileged Access Management (PAM) as a Service to Secure Multi-Tenant Infrastructure

Read More
Dhanlaxmi-Bank-Thumbnail
Customer Stories

99-Year-Old Dhanlaxmi Bank Upholds Mission to Innovate and Improves Customer Satisfaction with Sectona

Read More
EGI-Thumbnail
Customer Stories

Zuno General Insurance Secures Business Critical Applications with Sectona to Deliver Excellence Round-the-Clock

Read More
ENPI-Thumbnail
Customer Stories

A Pioneer Packaging Group Trusts Sectona to Secure Its State-of-the-Art Technologies That Help Deliver World-class Services

Read More
IEX-Thumbnail
Customer Stories

Indian Energy Exchange Enables Efficient Trading for 6000+ Participants with Sectona

Read More
Kotak-Securities-Thumbnail
Customer Stories

One of India’s Best Equity Brokers Powers 800,000+ Daily Trades with Resilient Access Security from Sectona

Read More
M1-Exchange-Thumbnail
Customer Stories

M1Xchange Secures Nationwide Trade Finance and Strengthens Access Governance with Sectona

Read More
NSSF-Thumbnail
Customer Stories

The National Social Security Fund of Uganda Leverages Sectona to Improve Compliance and Govern Privileged Access

Read More

Modernise Your Privileged Access Stack Today

Talk to Sales
Built for Scale. Trusted Globally.
Sectona-Invert-Color-logo@2x

Solutions by Industry

Solutions by Compliances

Products

Resources

Customer Resources

Technical Support

Company

Partners

  • © 2026 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.
Built for Scale. Trusted Globally.
Sectona-Invert-Color-logo@2x

Solutions by Industry

Solutions by Compliances

Products

Resources

Customer Resources

Technical Support

Company

Partners

  • © 2026 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.
Built for Scale. Trusted Globally.
Sectona-Invert-Color-logo@2x

Solutions by
Industry

Solutions by Compliances

Products

Resources

Customer Resources

Technical Support

Company

Partners

  • © 2026 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.