Find framework requirements by search terms and filters

List framework requirements for the primary workspace, given the provided search terms and filters

Securitybearer
Request
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

q
string

Filter data by searching for requirement name or description/long description

Example: q=A1.1
frameworkSlug
string

Filter requirements on their framework slug

Example: frameworkSlug=soc2
excludeIds
Array of numbers

Exclude requirements by array of id

Example: excludeIds=1&excludeIds=2
excludeControlId
number

Control id to be excluded

Example: excludeControlId=1
isInScope
boolean or null

Filter requirements if they are in/out of scope

Example: isInScope=false
isReady
boolean or null

Filter requirements if they are or not ready

Example: isReady=false
isInScopeControls
boolean or null

Filter requirements if they are linked to controls that are in/out of scope

Example: isInScopeControls=false
topic
Array of strings or null

Filter requirements on their topic

Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY"
Example: topic=ADMINISTRATIVE_SAFEGUARDS&topic=AVAILABILITY
category
Array of strings or null

Filter requirements on their category

Enum: "SOC_2_AVAILABILITY" "SOC_2_CONFIDENTIALITY" "SOC_2_CONTROL_ENVIRONMENT" "SOC_2_COMMUNICATION_AND_INFORMATION" "SOC_2_RISK_ASSESSMENT" "SOC_2_MONITORING_ACTIVITIES" "SOC_2_CONTROL_ACTIVITIES" "SOC_2_LOGICAL_AND_PHYSICAL_ACCESS_CONTROLS" "SOC_2_SYSTEM_OPERATIONS" "SOC_2_CHANGE_MANAGEMENT" "SOC_2_RISK_MITIGATION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_NOTICE_AND_COMMUNICATION_OF_REQUIREMENTS_RELATED_TO_PRIVACY" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_CHOICE_AND_CONSENT" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_COLLECTION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_USE_RETENTION_AND_DISPOSAL" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_ACCESS" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_DISCLOSURE_AND_NOTIFICATION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_QUALITY" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_MONITORING_AND_ENFORCEMENT" "SOC_2_PROCESS_INTEGRITY" "ISO27001_CONTEXT_OF_THE_ORGANIZATION" "ISO27001_LEADERSHIP" "ISO27001_PLANNING" "ISO27001_SUPPORT" "ISO27001_OPERATION" "ISO27001_PERFORMANCE_EVALUATION" "ISO27001_IMPROVEMENT" "ISO_INFORMATION_SECURITY_POLICIES" "ISO_ORGANIZATION_OF_INFORMATION_SECURITY" "ISO_HUMAN_RESOURCES_SECURITY" "ISO_ASSET_MANAGEMENT" "ISO_ACCESS_CONTROL" "ISO_CRYPTOGRAPHY" "ISO_PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "ISO_OPERATIONS_SECURITY" "ISO_COMMUNICATIONS_SECURITY" "ISO_SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "ISO_SUPPLIER_RELATIONSHIPS" "ISO_INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "ISO27001_INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "ISO_COMPLIANCE" "HIPAA_SECURITY" "HIPAA_BREACH_NOTIFICATION" "HIPAA_PRIVACY" "PCI_FIREWALL" "PCI_PASSWORDS" "PCI_DATA_AT_REST_PROTECTION" "PCI_DATA_IN_TRANSIT_ENCRYPTION" "PCI_MALWARE_PROTECTION" "PCI_SECURE_SYSTEM_MANAGEMENT" "PCI_ACCESS_RESTRICTION" "PCI_SYSTEM_ACCESS_CONTROL" "PCI_PHYSICAL_ACCESS_CONTROL" "PCI_NETWORK_ACCESS_MONITORING" "PCI_VULNERABILITY_TESTING" "PCI_INFORMATION_SECURITY_POLICY" "GDPR_PRINCIPLES" "GDPR_RIGHTS_OF_THE_DATA_SUBJECT" "GDPR_CONTROLLER_AND_PROCESSOR" "GDPR_TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_OR_INTERNATIONAL_ORGANIZATIONS" "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "MSSSPA_MANAGEMENT" "MSSSPA_NOTICE" "MSSSPA_CHOICE_AND_CONSENT" "MSSSPA_COLLECTION" "MSSSPA_RETENTION" "MSSSPA_DATA_SUBJECTS" "MSSSPA_DISCLOSURE_TO_THIRD_PARTIES" "MSSSPA_QUALITY" "MSSSPA_MONITORING_AND_ENFORCEMENT" "NISTCSF_IDENTIFY" "NISTCSF_PROTECT" "NISTCSF_DETECT" "NISTCSF_RESPOND" "NISTCSF_RECOVER" "NIST800171R2_TECHNICAL" "NIST800171R2_OPERATIONAL" "ISO277012019_PIMS_SPECIFIC_REQUIREMENTS" "ISO277012019_PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" "CCPA_SECURITY" "MSSSPA_SECURITY" "NIST800171R2_MANAGEMENT" "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" "NISTSP80053_TECHNICAL" "NISTSP80053_OPERATIONAL" "NISTSP80053_MANAGEMENT" "CMMC_TECHNICAL" "CMMC_OPERATIONAL" "CMMC_MANAGEMENT" "COBIT_EVALUATE_DIRECT_AND_MONITOR" "COBIT_ALIGN_PLAN_AND_ORGANIZE" "COBIT_BUILD_ACQUIRE_AND_IMPLEMENT" "COBIT_DELIVER_SERVICE_AND_SUPPORT" "COBIT_MONITOR_EVALUATE_AND_ASSESS" "SOX_ITGC_PROGRAM_DEVELOPMENT" "SOX_ITGC_CHANGE_MANAGEMENT" "SOX_ITGC_SYSTEM_OPERATIONS" "SOX_ITGC_ACCESS_MANAGEMENT" "ISO270012022_CONTEXT_OF_THE_ORGANIZATION" "ISO270012022_LEADERSHIP" "ISO270012022_PLANNING" "ISO270012022_SUPPORT" "ISO270012022_OPERATION" "ISO270012022_PERFORMANCE_EVALUATION" "ISO270012022_IMPROVEMENT" "ISO270012022_ORGANIZATIONAL_CONTROLS" "ISO270012022_PEOPLE_CONTROLS" "ISO270012022_PHYSICAL_CONTROLS" "ISO270012022_TECHNOLOGICAL_CONTROLS" "CCM_AUDIT_AND_ASSURANCE" "CCM_APPLICATION_AND_INTERFACE_SECURITY" "CCM_BUSINESS_CONTINUITY_MANAGEMENT_AND_OPERATIONAL_RESILIENCE" "CCM_CHANGE_CONTROL_AND_CONFIGURATION_MANAGEMENT" "CCM_CRYPTOGRAPHY_ENCRYPTION_AND_KEY_MANAGEMENT" "CCM_DATACENTER_SECURITY" "CCM_DATA_SECURITY_AND_PRIVACY_LIFECYCLE_MANAGEMENT" "CCM_GOVERNANCE_RISK_AND_COMPLIANCE" "CCM_HUMAN_RESOURCES" "CCM_IDENTITY_AND_ACCESS_MANAGEMENT" "CCM_INTEROPERABILITY_AND_PORTABILITY" "CCM_INFRASTRUCTURE_AND_VIRTUALIZATION_SECURITY" "CCM_LOGGING_AND_MONITORING" "CCM_SECURITY_INCIDENT_MANAGEMENT_EDISCOVERY_AND_CLOUD_FORENSICS" "CCM_SUPPLY_CHAIN_MANAGEMENT_TRANSPARENCY_AND_ACCOUNTABILITY" "CCM_THREAT_AND_VULNERABILITY_MANAGEMENT" "CCM_UNIVERSAL_ENDPOINT_MANAGEMENT" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" "CYBER_ESSENTIALS_FIREWALLS" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_COMPUTERS_AND_NETWORK_DEVICES" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_DEVICE_UNLOCKING_CREDENTIALS" "CYBER_ESSENTIALS_SECURITY_UPDATE_MANAGEMENT" "CYBER_ESSENTIALS_USER_ACCESS_CONTROL" "CYBER_ESSENTIALS_MALWARE_PROTECTION" "CYBER_ESSENTIALS_DATA_BACKUP" "CYBER_ESSENTIALS_ASSET_MANAGEMENT" "CYBER_ESSENTIALS_VULNERABILITY_MANAGEMENT" "ISO270182019_PII" "FEDRAMP_TECHNICAL" "FEDRAMP_OPERATIONAL" "FEDRAMP_MANAGEMENT" "NISTAI_GOVERN" "NISTAI_MANAGE" "NISTAI_MAP" "NISTAI_MEASURE" "PCI4_NETWORK_SECURITY" "PCI4_SECURE_CONFIGURATIONS" "PCI4_DATA_STORAGE_PROTECTION" "PCI4_DATA_TRANSMISSION_PROTECTION" "PCI4_MALWARE_PROTECTION" "PCI4_SECURE_DEVELOPMENT_AND_MAINTENANCE" "PCI4_ACCESS_MANAGEMENT" "PCI4_IDENTIFICATION_AND_AUTHENTICATION" "PCI4_PHYSICAL_ACCESS_CONTROL" "PCI4_LOGGING_AND_MONITORING" "PCI4_SECURITY_TESTING" "PCI4_ORGANIZATIONAL_POLICIES_AND_PROGRAMS" "PCI4_APPENDIX_1_MULTI_TENANT_SERVICE_PROVIDERS" "PCI4_APPENDIX_2_ENTITIES_USING_SSL_EARLY_TLS" "PCI4_APPENDIX_3_DESIGNATED_ENTITIES_SUPPLEMENTAL_VALIDATION" "ISO277012019_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO277012019_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO277012019_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO277012019_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE" "ISO277012019_ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO277012019_ANNEX_A_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO277012019_ANNEX_A_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO277012019_ANNEX_A_PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF2_GOVERN_GV" "NISTCSF2_IDENTIFY_ID" "NISTCSF2_PROTECT_PR" "NISTCSF2_DETECT_DE" "NISTCSF2_RESPOND_RS" "NISTCSF2_RECOVER_RC" "NIS2_GOVERNANCE" "NIS2_RISK_MANAGEMENT" "NIS2_REPORTING" "DORA_REGULATION" "DORA_ICT_RMF_RTS" "ISO420012023_RESOURCES_FOR_AI_SYSTEMS" "ISO420012023_INTERNAL_ORGANIZATION" "ISO420012023_AI_SYSTEM_LIFE_CYCLE" "ISO420012023_ASSESSING_IMPACTS_OF_AI_SYSTEMS" "ISO420012023_DATA_FOR_AI_SYSTEMS" "ISO420012023_INFORMATION_FOR_INTERESTED_PARTIES_OF_AI_SYSTEMS" "ISO420012023_USE_OF_AI_SYSTEMS" "ISO420012023_THIRD_PARTY_AND_CUSTOMER_RELATIONSHIPS" "ISO420012023_POLICIES_RELATED_TO_AI" "ISO420012023_SUPPORT" "ISO420012023_OPERATION" "ISO420012023_CONTEXT_OF_THE_ORGANIZATION" "ISO420012023_PERFORMANCE_EVALUATION" "ISO420012023_PLANNING" "ISO420012023_LEADERSHIP" "ISO420012023_IMPROVEMENT" "DRATA_ESSENTIALS_PROTECT" "DRATA_ESSENTIALS_RECOVER" "DRATA_ESSENTIALS_RESPOND" "DRATA_ESSENTIALS_IDENTIFY" "DRATA_ESSENTIALS_DETECT" "DRATA_ESSENTIALS_GOVERN" "NIST800171R3_OPERATIONAL" "NIST800171R3_MANAGEMENT" "NIST800171R3_TECHNICAL" "CUSTOM"
Example: category=GDPR_CONTROLLER_AND_PROCESSOR&category=SOC_2_CONTROL_ACTIVITIES
subCategory
Array of strings or null

Filter requirements on their subcategory

Enum: "ISO_MANAGEMENT_DIRECTION_FOR_INFORMATION_SECURITY" "ISO_INTERNAL_ORGANIZATION" "ISO27001_MOBILE_DEVICES_AND_TELEWORKING" "ISO27001_PRIOR_TO_EMPLOYMENT" "ISO_DURING_EMPLOYMENT" "ISO27001_TERMINATION_AND_CHANGE_OF_EMPLOYMENT" "ISO_RESPONSIBILITY_FOR_ASSETS" "ISO_INFORMATION_CLASSIFICATION" "ISO27001_MEDIA_HANDLING" "ISO_BUSINESS_REQUIREMENT_OF_ACCESS_CONTROL" "ISO_USER_ACCESS_MANAGEMENT" "ISO27001_USER_RESPONSIBILITIES" "ISO_SYSTEM_AND_APPLICATION_ACCESS_CONTROL" "ISO_CRYPTOGRAPHIC_CONTROLS" "ISO27001_SECURE_AREAS" "ISO_EQUIPMENT" "ISO_OPERATIONAL_PROCEDURES_AND_RESPONSIBILITIES" "ISO27001_PROTECTION_FROM_MALWARE" "ISO_BACKUP" "ISO_LOGGING_AND_MONITORING" "ISO27001_CONTROL_OF_OPERATIONAL_SOFTWARE" "ISO_TECHNICAL_VULNERABILITY_MANAGEMENT" "ISO27001_INFORMATION_SYSTEMS_AUDIT_CONSIDERATIONS" "ISO_NETWORK_SECURITY_MANAGEMENT" "ISO_INFORMATION_TRANSFER" "ISO_SECURITY_REQUIREMENTS_OF_INFORMATION_SYSTEMS" "ISO_SECURITY_IN_DEVELOPMENT_AND_SUPPORT_PROCESSES" "ISO27001_TEST_DATA" "ISO_INFORMATION_SECURITY_IN_SUPPLIER_RELATIONSHIPS" "ISO27001_SUPPLIER_SERVICE_DELIVERY_MANAGEMENT" "ISO_MANAGING_OF_INFORMATION_SECURITY_INCIDENTS_AND_IMPROVEMENTS" "ISO27001_INFORMATION_SECURITY_CONTINUITY" "ISO27001_REDUNDANCIES" "ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS" "ISO_INFORMATION_SECURITY_REVIEWS" "GDPR_TRANSPARENCY_AND_MODALITIES" "GDPR_INFORMATION_AND_ACCESS_TO_PERSONAL_DATA" "GDPR_RECTIFICATION_AND_ERASURE" "GDPR_RIGHT_TO_OBJECT_AND_AUTOMATED_INDIVIDUAL_DECISION_MAKING" "GDPR_GENERAL_OBLIGATIONS" "GDPR_SECURITY_OF_PERSONNEL_DATA" "GDPR_DATA_PROTECTION_IMPACT_ASSESSMENT_AND_PRIOR_CONSULTATION" "GDPR_DATA_PROTECTION_OFFICER" "CODES_OF_CONDUCT_AND_CERTIFICATION" "CCPA_RIGHT_TO_KNOW" "CCPA_RIGHT_TO_DELETE" "CCPA_RIGHT_TO_OPT_OUT" "CCPA_RIGHT_TO_NON_DISCRIMINATION" "ASSET_MANAGEMENT" "NISTCSF_BUSINESS_ENVIRONMENT" "GOVERNANCE" "SOX_ITGC_RISK_ASSESSMENT" "NISTCSF_RISK_MANAGEMENT_STRATEGY" "NISTCSF_SUPPLY_CHAIN_RISK_MANAGEMENT" "NISTCSF_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL" "AWARENESS_AND_TRAINING" "NISTCSF_DATA_SECURITY" "NISTCSF_INFORMATION_PROTECTION_PROCESSES_AND_PROCEDURES" "MAINTENANCE" "NISTCSF_PROTECTIVE_TECHNOLOGY" "NISTCSF_ANOMALIES_AND_EVENTS" "NISTCSF_SECURITY_CONTINUOUS_MONITORING" "NISTCSF_DETECTION_PROCESSES" "NISTCSF_RESPONSE_PLANNING" "NISTCSF_COMMUNICATIONS" "NISTCSF_ANALYSIS" "NISTCSF_MITIGATION" "NISTCSF_IMPROVEMENTS" "NISTCSF_RECOVERY_PLANNING" "ACCESS_CONTROL" "NIST800171R2_AUDIT_AND_ACCOUNTABILITY" "NIST800171R2_CONFIGURATION_MANAGEMENT" "NIST800171R2_IDENTIFICATION_AND_AUTHENTICATION" "NIST800171R2_INCIDENT_RESPONSE" "NIST800171R2_MEDIA_PROTECTION" "NIST800171R2_PERSONNEL_SECURITY" "NIST800171R2_PHYSICAL_PROTECTION" "NIST800171R2_SECURITY_ASSESSMENT" "NIST800171R2_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST800171R2_SYSTEM_AND_INFORMATION_INTEGRITY" "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" "INFORMATION_SECURITY_POLICIES" "ORGANIZATION_OF_INFORMATION_SECURITY" "HUMAN_RESOURCE_SECURITY" "CRYPTOGRAHY" "PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "OPERATIONS_SECURITY" "COMMUNICATIONS_SECURITY" "SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "SUPPLIER_RELATIONSHIPS" "INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "COMPLIANCE" "CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "OBLIGATIONS_TO_PII_PRINCIPLES" "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF_ASSET_MANAGEMENT" "NISTCSF_RISK_ASSESSMENT" "NISTCSF_AWARENESS_AND_TRAINING" "NISTCSF_MAINTENANCE" "NIST800171R2_ACCESS_CONTROL" "NIST800171R2_AWARENESS_AND_TRAINING" "NIST800171R2_MAINTENANCE" "NIST800171R2_RISK_ASSESSMENT" "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" "FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" "NISTSP80053_ACCESS_CONTROL" "NISTSP80053_AUDIT_AND_ACCOUNTABILITY" "NISTSP80053_IDENTIFICATION_AND_AUTHENTICATION" "NISTSP80053_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NISTSP80053_AWARENESS_AND_TRAINING" "NISTSP80053_CONFIGURATION_MANAGEMENT" "NISTSP80053_CONTINGENCY_PLANNING" "NISTSP80053_INCIDENT_RESPONSE" "NISTSP80053_MAINTENANCE" "NISTSP80053_MEDIA_PROTECTION" "NISTSP80053_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" "NISTSP80053_PERSONNEL_SECURITY" "NISTSP80053_SYSTEM_AND_INFORMATION_INTEGRITY" "NISTSP80053_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "NISTSP80053_PLANNING" "NISTSP80053_PROGRAM_MANAGEMENT" "NISTSP80053_PII_PROCESSING_AND_TRANSPARENCY" "NISTSP80053_RISK_ASSESSMENT" "NISTSP80053_SYSTEM_AND_SERVICES_ACQUISITION" "NISTSP80053_SUPPLY_CHAIN_RISK_MANAGEMENT" "CMMC_ACCESS_CONTROL" "CMMC_AUDIT_AND_ACCOUNTABILITY" "CMMC_IDENTIFICATION_AND_AUTHENTICATION" "CMMC_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "CMMC_AWARENESS_AND_TRAINING" "CMMC_CONFIGURATION_MANAGEMENT" "CMMC_INCIDENT_RESPONSE" "CMMC_MAINTENANCE" "CMMC_MEDIA_PROTECTION" "CMMC_PHYSICAL_PROTECTION" "CMMC_PERSONNEL_SECURITY" "CMMC_RECOVERY" "CMMC_SYSTEM_AND_INFORMATION_INTEGRITY" "CMMC_SECURITY_ASSESSMENT" "CMMC_RISK_MANAGEMENT" "ISO270172015_RELATIONSHIP_BETWEEN_CLOUD_SERVICE_CUSTOMER_AND_CLOUD_SERVICE_PROVIDER" "ISO270172015_ACCESS_CONTROL_OF_CLOUD_SERVICE_CUSTOMER_DATA_IN_SHARED_VIRTUAL_ENVIRONMENT" "FEDRAMP_ACCESS_CONTROL" "FEDRAMP_AWARENESS_AND_TRAINING" "FEDRAMP_AUDIT_AND_ACCOUNTABILITY" "FEDRAMP_SECURITY_ASSESSMENT_AND_AUTHORIZATION" "FEDRAMP_CONFIGURATION_MANAGEMENT" "FEDRAMP_CONTINGENCY_PLANNING" "FEDRAMP_IDENTIFICATION_AND_AUTHENTICATION" "FEDRAMP_INCIDENT_RESPONSE" "FEDRAMP_MAINTENANCE" "FEDRAMP_MEDIA_PROTECTION" "FEDRAMP_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" "FEDRAMP_PLANNING" "FEDRAMP_PERSONNEL_SECURITY" "FEDRAMP_RISK_ASSESSMENT" "FEDRAMP_SYSTEM_AND_SERVICES_ACQUISITION" "FEDRAMP_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "FEDRAMP_SYSTEM_AND_INFORMATION_INTEGRITY" "FEDRAMP_SUPPLY_CHAIN_RISK_MANAGEMENT" "FEDRAMP_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "ISO270182019_CONSENT_AND_CHOICE" "ISO270182019_PURPOSE_LEGITIMACY_AND_SPECIFICATION" "ISO270182019_DATA_MINIMIZATION" "ISO270182019_USE_RETENTION_AND_DISCLOSURE_LIMITATION" "ISO270182019_ACCURACY_AND_QUALITY" "ISO270182019_ACCOUNTABILITY" "ISO270182019_INFORMATION_SECURITY" "ISO270182019_PRIVACY_COMPLIANCE" "ISO27701_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO27701_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO27701_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO27701_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF2_ORGANIZATIONAL_CONTEXT_GV_OC" "NISTCSF2_RISK_MANAGEMENT_STRATEGY_GV_RM" "NISTCSF2_ROLES_RESPONSIBILITIES_AND_AUTHORITIES_GV_RR" "NISTCSF2_POLICY_GV_PO" "NISTCSF2_OVERSIGHT_GV_OV" "NISTCSF2_CYBERSECURITY_SUPPLY_CHAIN_RISK_MANAGEMENT_GV_SC" "NISTCSF2_ASSET_MANAGEMENT_ID_AM" "NISTCSF2_RISK_ASSESSMENT_ID_RA" "NISTCSF2_IMPROVEMENT_ID_IM" "NISTCSF2_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL_PR_AA" "NISTCSF2_AWARENESS_AND_TRAINING_PR_AT" "NISTCSF2_DATA_SECURITY_PR_DS" "NISTCSF2_PLATFORM_SECURITY_PR_PS" "NISTCSF2_TECHNOLOGY_INFRASTRUCTURE_RESILIENCE_PR_IR" "NISTCSF2_CONTINUOUS_MONITORING_DE_CM" "NISTCSF2_ADVERSE_EVENT_ANALYSIS_DE_AE" "NISTCSF2_INCIDENT_MANAGEMENT_RS_MA" "NISTCSF2_INCIDENT_ANALYSIS_RS_AN" "NISTCSF2_INCIDENT_RESPONSE_REPORTING_AND_COMMUNICATION_RS_CO" "NISTCSF2_INCIDENT_MITIGATION_RS_MI" "NISTCSF2_INCIDENT_RECOVERY_PLAN_EXECUTION_RC_RP" "NISTCSF2_INCIDENT_RECOVERY_COMMUNICATION_RC_CO" "DORA_ICT_RISK_MANAGEMENT" "DORA_INFORMATION_SHARING_ARRANGEMENTS" "DORA_ICT_THIRD_PARTY_RISK_MANAGEMENT" "DORA_ICT_RELATED_INCIDENT_MANAGEMENT" "DORA_DIGITAL_OPERATIONAL_RESILIENCE_TESTING" "DORA_SIMPLIFIED_ICT_RISK_MANAGEMENT_FRAMEWORK" "DORA_HUMAN_RESOURCES_POLICY_AND_ACCESS_CONTROL" "DORA_ICT_SECURITY_POLICIES_AND_PROCEDURES" "DORA_ICT_RELATED_INCIDENT_DETECTION_AND_RESPONSE" "DORA_ICT_BUSINESS_CONTINUITY_MANAGEMENT" "DORA_ICT_RISK_MANAGEMENT_FRAMEWORK_REVIEW_REPORT" "NIST800171R3_INCIDENT_RESPONSE" "NIST800171R3_SUPPLY_CHAIN_RISK_MANAGEMENT" "NIST800171R3_MEDIA_PROTECTION" "NIST800171R3_AUDIT_AND_ACCOUNTABILITY" "NIST800171R3_ACCESS_CONTROL" "NIST800171R3_PHYSICAL_PROTECTION" "NIST800171R3_CONFIGURATION_MANAGEMENT" "NIST800171R3_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST800171R3_IDENTIFICATION_AND_AUTHENTICATION" "NIST800171R3_PLANNING" "NIST800171R3_MAINTENANCE" "NIST800171R3_RISK_ASSESSMENT" "NIST800171R3_SYSTEM_AND_INFORMATION_INTEGRITY" "NIST800171R3_SECURITY_ASSESSMENT_AND_MONITORING" "NIST800171R3_SYSTEM_AND_SERVICES_ACQUISITION" "NIST800171R3_AWARENESS_AND_TRAINING" "NIST800171R3_PERSONNEL_SECURITY"
Example: subCategory=CODES_OF_CONDUCT_AND_CERTIFICATION&subCategory=ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS
level
string or null

The id of the level

Enum: "SECURITY_LOW" "SECURITY_MODERATE" "SECURITY_HIGH" "LEVEL_1" "LEVEL_2" "BASELINE" "EVOLVING" "INTERMEDIATE" "ADVANCED" "INNOVATIVE" "SIMPLIFIED" "STANDARD"
Example: level=SECURITY_HIGH
customCategory
string or null

Filter requirements on their custom category

Example: customCategory=Custom Category 1
frameworkId
required
number

The framework ID

Example: frameworkId=1
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

Response Code 402

You must pay to activate this feature

403

You are not allowed to perform this action

404

Record Not Found

412

Response Code: 412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/frameworks/requirements
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": "1213123",
      • "name": "CC1.1",
      • "description": "The entity demonstrates a commitment to integrity and ethical values.",
      • "longDescription": "The entity demonstrates a commitment to integrity and ethical values.",
      • "additionalInfo": "The entity demonstrates a commitment to integrity and ethical values.",
      • "additionalInfo2": "The entity demonstrates a commitment to integrity and ethical values 2.",
      • "additionalInfo3": "The entity demonstrates a commitment to integrity and ethical values 3.",
      • "isReady": "true",
      • "rationale": "This requirement is not needed.",
      • "archivedAt": "2020-07-06",
      • "frameworkName": "SOC 2",
      • "controls": "ControlReadyType[]",
      • "totalInScopeControls": 6,
      • "frameworkId": 1
      }
    ],
  • "page": 1,
  • "limit": 10,
  • "total": 100
}