Find framework requirements by search terms and filters

List framework requirements for the primary workspace, given the provided search terms and filters

Security: bearer
Request
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

q
string

Filter data by searching for requirement name or description/long description

Example: q=A1.1
frameworkSlug
string

Filter requirements on their framework slug

Example: frameworkSlug=soc2
excludeIds
Array of numbers

Exclude requirements by an array of IDs

Example: excludeIds=1&excludeIds=2
excludeControlId
number

Control id to be excluded

Example: excludeControlId=1
isInScope
boolean or null

Filter requirements if they are in/out of scope

isReady
boolean or null

Filter requirements by whether or not they are ready

isInScopeControls
boolean or null

Filter requirements if they are linked to controls that are in/out of scope

topic
Array of strings or null

Filter requirements on their topic

Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY"
Example: topic=ADMINISTRATIVE_SAFEGUARDS&topic=AVAILABILITY
category
Array of strings or null

Filter requirements on their category

Enum: "ADDITIONAL_CRITERIA_FOR_AVAILABILITY" "ADDITIONAL_CRITERIA_FOR_CONFIDENTIALITY" "CONTROL_ENVIRONMENT" "COMMUNICATION_AND_INFORMATION" "RISK_ASSESSMENT" "MONITORING_ACTIVITIES" "CONTROL_ACTIVITIES" "LOGICAL_AND_PHYSICAL_ACCESS_CONTROLS" "SYSTEM_OPERATIONS" "CHANGE_MANAGEMENT" "RISK_MITIGATION" "PRIVACY_CRITERIA_RELATED_TO_NOTICE" "PRIVACY_CRITERIA_RELATED_TO_CHOICE" "PRIVACY_CRITERIA_RELATED_TO_COLLECTION" "PRIVACY_CRITERIA_RELATED_TO_USE" "PRIVACY_CRITERIA_RELATED_TO_ACCESS" "PRIVACY_CRITERIA_RELATED_TO_DISCLOSURE" "PRIVACY_CRITERIA_RELATED_TO_QUALITY" "PRIVACY_CRITERIA_RELATED_TO_MONITORING" "ADDITIONAL_CRITERIA_FOR_PROCESSING_INTEGRITY" "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" "INFORMATION_SECURITY_POLICIES" "ORGANIZATION_OF_INFORMATION_SECURITY" "HUMAN_RESOURCES_SECURITY" "ASSET_MANAGEMENT" "ACCESS_CONTROL" "CRYPTOGRAPHY" "PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "OPERATIONS_SECURITY" "COMMUNICATIONS_SECURITY" "SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "SUPPLIER_RELATIONSHIPS" "INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "COMPLIANCE" "SECURITY" "BREACH_NOTIFICATION" "PRIVACY" "FIREWALL" "PASSWORDS" "DATA_AT_REST_PROTECTION" "DATA_IN_TRANSIT_ENCRYPTION" "MALWARE_PROTECTION" "SECURE_SYSTEM_MANAGEMENT" "ACCESS_RESTRICTION" "SYSTEM_ACCESS_CONTROL" "PHYSICAL_ACCESS_CONTROL" "NETWORK_ACCESS_MONITORING" "VULNERABILITY_TESTING" "INFORMATION_SECURITY_POLICY" "PRINCIPLES" "RIGHTS_OF_THE_DATA_SUBJECT" "CONTROLLER_AND_PROCESSOR" "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS" "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "MANAGEMENT" "NOTICE" "CHOICE_AND_CONSENT" "COLLECTION" "RETENTION" 
"DATA_SUBJECTS" "DISCLOSURE_TO_THIRD_PARTIES" "QUALITY" "MONITORING_AND_ENFORCEMENT" "NIST_CSF_IDENTIFY" "NIST_CSF_PROTECT" "NIST_CSF_DETECT" "NIST_CSF_RESPOND" "NIST_CSF_RECOVER" "NIST_800_171r2_TECHNICAL" "NIST_800_171r2_OPERATIONAL" "PIMS_SPECIFIC_REQUIREMENTS" "PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" "CCPA_SECURITY" "MS_SSPA_SECURITY" "NIST_800_171r2_MANAGEMENT" "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" "NIST_800_53_TECHNICAL" "NIST_800_53_OPERATIONAL" "NIST_800_53_MANAGEMENT" "CMMC_2_0_TECHNICAL" "CMMC_2_0_OPERATIONAL" "CMMC_2_0_MANAGEMENT" "COBIT_EVALUATE_DIRECT_AND_MONITOR" "COBIT_ALIGN_PLAN_AND_ORGANIZE" "COBIT_BUILD_ACQUIRE_AND_IMPLEMENT" "COBIT_DELIVER_SERVICE_AND_SUPPORT" "COBIT_MONITOR_EVALUATE_AND_ASSESS" "SOX_ITGC_PROGRAM_DEVELOPMENT" "SOX_ITGC_CHANGE_MANAGEMENT" "SOX_ITGC_SYSTEM_OPERATIONS" "SOX_ITGC_ACCESS_MANAGEMENT" "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION" "ISO_27001_2022_5_LEADERSHIP" "ISO_27001_2022_6_PLANNING" "ISO_27001_2022_7_SUPPORT" "ISO_27001_2022_8_OPERATION" "ISO_27001_2022_9_PERFORMANCE_EVALUATION" "ISO_27001_2022_10_IMPROVEMENT" "ISO_27001_2022_A_5_ORGANIZATIONAL_CONTROLS" "ISO_27001_2022_A_6_PEOPLE_CONTROLS" "ISO_27001_2022_A_7_PHYSICAL_CONTROLS" "ISO_27001_2022_A_8_TECHNOLOGICAL_CONTROLS" "CCM_AUDIT_AND_ASSURANCE" "CCM_APPLICATION_AND_INTERFACE_SECURITY" "CCM_BUSINESS_CONTINUITY_MANAGEMENT_AND_OPERATIONAL_RESILIENCE" "CCM_CHANGE_CONTROL_AND_CONFIGURATION_MANAGEMENT" "CCM_CRYPTOGRAPHY_ENCRYPTION_AND_KEY_MANAGEMENT" "CCM_DATACENTER_SECURITY" "CCM_DATA_SECURITY_AND_PRIVACY_LIFECYCLE_MANAGEMENT" "CCM_GOVERNANCE_RISK_AND_COMPLIANCE" "CCM_HUMAN_RESOURCES" "CCM_IDENTITY_AND_ACCESS_MANAGEMENT" "CCM_INTEROPERABILITY_AND_PORTABILITY" "CCM_INFRASTRUCTURE_AND_VIRTUALIZATION_SECURITY" "CCM_LOGGING_AND_MONITORING" 
"CCM_SECURITY_INCIDENT_MANAGEMENT_EDISCOVERY_AND_CLOUD_FORENSICS" "CCM_SUPPLY_CHAIN_MANAGEMENT_TRANSPARENCY_AND_ACCOUNTABILITY" "CCM_THREAT_AND_VULNERABILITY_MANAGEMENT" "CCM_UNIVERSAL_ENDPOINT_MANAGEMENT" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" "CYBER_ESSENTIALS_FIREWALLS" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_COMPUTERS_AND_NETWORK_DEVICES" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_DEVICE_UNLOCKING_CREDENTIALS" "CYBER_ESSENTIALS_SECURITY_UPDATE_MANAGEMENT" "CYBER_ESSENTIALS_USER_ACCESS_CONTROL" "CYBER_ESSENTIALS_MALWARE_PROTECTION" "CYBER_ESSENTIALS_DATA_BACKUP" "CYBER_ESSENTIALS_ASSET_MANAGEMENT" "CYBER_ESSENTIALS_VULNERABILITY_MANAGEMENT" "PII_27018_ANNEX_A" "FEDRAMP_TECHNICAL" "FEDRAMP_OPERATIONAL" "FEDRAMP_MANAGEMENT" "NIST_AI_RMF_GOVERN" "NIST_AI_RMF_MANAGE" "NIST_AI_RMF_MAP" "NIST_AI_RMF_MEASURE" "PCI_4_0_NETWORK_SECURITY" "PCI_4_0_SECURE_CONFIGURATIONS" "PCI_4_0_DATA_STORAGE_PROTECTION" "PCI_4_0_DATA_TRANSMISSION_PROTECTION" "PCI_4_0_MALWARE_PROTECTION" "PCI_4_0_SECURE_DEVELOPMENT_AND_MAINTENANCE" "PCI_4_0_ACCESS_MANAGEMENT" "PCI_4_0_IDENTIFICATION_AND_AUTHENTICATION" "PCI_4_0_PHYSICAL_ACCESS_CONTROL" "PCI_4_0_LOGGING_AND_MONITORING" "PCI_4_0_SECURITY_TESTING" "PCI_4_0_ORGANIZATIONAL_POLICIES_AND_PROGRAMS" "PCI_4_0_APPENDIX1_MULTI_TENANT_SERVICE_PROVIDERS" "PCI_4_0_APPENDIX2_ENTITIES_USING_SSL_EARLY_TLS" "PCI_4_0_APPENDIX3_DESIGNED_ENTITIES_SUPPLEMENTAL_VALIDATION" "ISO27701_8_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO27701_8_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO27701_8_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO27701_8_PII_SHARING_TRANSFER_AND_DISCLOSURE" "CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "OBLIGATIONS_TO_PII_PRINCIPLES" "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "PII_SHARING_TRANSFER_AND_DISCLOSURE" "NIST_CSF_2_0_GOVERN_GV" "NIST_CSF_2_0_IDENTIFY_ID" "NIST_CSF_2_0_PROTECT_PR" "NIST_CSF_2_0_DETECT_DE" "NIST_CSF_2_0_RESPOND_RS" 
"NIST_CSF_2_0_RECOVER_RC" "NIS_2_GOVERNANCE" "NIS_2_RISK_MANAGEMENT" "NIS_2_REPORTING" "CUSTOM"
Example: category=CONTROLLER_AND_PROCESSOR&category=CONTROL_ACTIVITIES
subCategory
Array of strings or null

Filter requirements on their subcategory

Enum: "MANAGEMENT_DIRECTION_FOR_INFORMATION_SECURITY" "INTERNAL_ORGANIZATION" "MOBILE_DEVICES_AND_TELEWORKING" "PRIOR_TO_EMPLOYMENT" "DURING_EMPLOYMENT" "TERMINATION_AND_CHANGE_OF_EMPLOYMENT" "RESPONSIBILITY_FOR_ASSETS" "INFORMATION_CLASSIFICATION" "MEDIA_HANDLING" "BUSINESS_REQUIREMENT_OF_ACCESS_CONTROL" "USER_ACCESS_MANAGEMENT" "USER_RESPONSIBILITIES" "SYSTEM_AND_APPLICATION_ACCESS_CONTROL" "CRYPTOGRAPHIC_CONTROLS" "SECURE_AREAS" "EQUIPMENT" "OPERATIONAL_PROCEDURES_AND_RESPONSIBILITES" "PROTECTION_FROM_MALWARE" "BACKUP" "LOGGING_AND_MONITORING" "CONTROL_OF_OPERATIONAL_SOFTWARE" "TECHNICAL_VULNERABILITY_MANAGEMENT" "INFORMATION_SYSTEMS_AUDIT_CONSIDERATIONS" "NETWORK_SECURITY_MANAGEMENT" "INFORMATION_TRANSFER" "SECURITY_REQUIREMENTS_OF_INFORMATION_SYSTEMS" "SECURITY_IN_DEVELOPMENT_AND_SUPPORT_PROCESSES" "TEST_DATA" "INFORMATION_SECURITY_IN_SUPPLIER_RELATIONSHIPS" "SUPPLIER_SERVICE_DELIVERY_MANAGEMENT" "MANAGING_OF_INFORMATION_SECURITY_INCIDENTS_AND_IMPROVEMENTS" "INFORMATION_SECURITY_CONTINUITY" "REDUNDANCIES" "COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS" "INFORMATION_SECURITY_REVIEWS" "TRANSPARENCY_AND_MODALITIES" "INFORMATION_AND_ACCESS_TO_PERSONNEL_DATA" "RECTIFICATION_AND_ERASURE" "RIGHT_TO_OBJECT_AND_AUTOMATED_INDIVIDUAL_DECISION_MAKING" "GENERAL_OBLIGATIONS" "SECURITY_OF_PERSONAL_DATA" "DATA_PROTECTION_IMPACT_ASSESSMENT_AND_PRIOR_CONSULATION" "DATA_PROTECTION_OFFICER" "CODES_OF_CONDUCT_AND_CERTIFICATION" "CCPA_RIGHT_TO_KNOW" "CCPA_RIGHT_TO_DELETE" "CCPA_RIGHT_TO_OPT_OUT" "CCPA_RIGHT_TO_NON_DISCRIMINATION" "ASSET_MANAGEMENT" "BUSINESS_ENVIRONMENT" "GOVERNANCE" "RISK_ASSESSMENT" "RISK_MANAGEMENT_STRATEGY" "SUPPLY_CHAIN_RISK_MANAGEMENT" "IDENTIFY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL" "AWARENESS_AND_TRAINING" "DATA_SECURITY" "INFORMATION_PROTECTION_PROCESSES_AND_PROCEDURES" "MAINTENANCE" "PROTECTIVE_TECHNOLOGY" "ANOMALIES_AND_EVENTS" "SECURITY_CONTINUOUS_MONITORING" "DETECTION_PROCESSES" "RESPONSE_PLANNING" "COMMUNICATIONS" "ANALYSIS" "MITIGATION" 
"IMPROVEMENTS" "RECOVERY_PLANNING" "ACCESS_CONTROL" "NIST_800_171r2_AUDIT_AND_ACCOUNTABILITY" "NIST_800_171r2_CONFIGURATION_MANAGEMENT" "NIST_800_171r2_IDENTIFICATION_AND_AUTHENTICATION" "NIST_800_171r2_INCIDENT_RESPONSE" "NIST_800_171r2_MEDIA_PROTECTION" "NIST_800_171r2_PERSONNEL_SECURITY" "NIST_800_171r2_PHYSICAL_PROTECTION" "NIST_800_171r2_SECURITY_ASSESSMENT" "NIST_800_171r2_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST_800_171r2_SYSTEM_AND_INFORMATION_INTEGRITY" "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" "INFORMATION_SECURITY_POLICIES" "ORGANIZATION_OF_INFORMATION_SECURITY" "HUMAN_RESOURCE_SECURITY" "CRYPTOGRAHY" "PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "OPERATIONS_SECURITY" "COMMUNICATIONS_SECURITY" "SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "SUPPLIER_RELATIONSHIPS" "INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "COMPLIANCE" "CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "OBLIGATIONS_TO_PII_PRINCIPLES" "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "PII_SHARING_TRANSFER_AND_DISCLOSURE" "NIST_CSF_ASSET_MANAGEMENT" "NIST_CSF_RISK_ASSESSMENT" "NIST_CSF_AWARENESS_AND_TRAINING" "NIST_CSF_MAINTENANCE" "NIST_800_171r2_ACCESS_CONTROL" "NIST_800_171r2_AWARENESS_AND_TRAINING" "NIST_800_171r2_MAINTENANCE" "NIST_800_171r2_RISK_ASSESSMENT" "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" "FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" "NIST_800_53_ACCESS_CONTROL" "NIST_800_53_AUDIT_AND_ACCOUNTABILITY" "NIST_800_53_IDENTIFICATION_AND_AUTHENTICATION" "NIST_800_53_SYSTEM_AND_COMMUNICATIONS_PROTECTION" 
"NIST_800_53_AWARENESS_AND_TRAINING" "NIST_800_53_CONFIGURATION_MANAGEMENT" "NIST_800_53_CONTINGENCY_PLANNING" "NIST_800_53_INCIDENT_RESPONSE" "NIST_800_53_MAINTENANCE" "NIST_800_53_MEDIA_PROTECTION" "NIST_800_53_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" "NIST_800_53_PERSONNEL_SECURITY" "NIST_800_53_SYSTEM_AND_INFORMATION_INTEGRITY" "NIST_800_53_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "NIST_800_53_PLANNING" "NIST_800_53_PROGRAM_MANAGEMENT" "NIST_800_53_PII_PROCESSING_AND_TRANSPARENCY" "NIST_800_53_RISK_ASSESSMENT" "NIST_800_53_SYSTEM_AND_SERVICES_ACQUISITION" "NIST_800_53_SUPPLY_CHAIN_RISK_MANAGEMENT" "CMMC_2_0_ACCESS_CONTROL" "CMMC_2_0_AUDIT_AND_ACCOUNTABILITY" "CMMC_2_0_IDENTIFICATION_AND_AUTHENTICATION" "CMMC_2_0_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "CMMC_2_0_AWARENESS_AND_TRAINING" "CMMC_2_0_CONFIGURATION_MANAGEMENT" "CMMC_2_0_INCIDENT_RESPONSE" "CMMC_2_0_MAINTENANCE" "CMMC_2_0_MEDIA_PROTECTION" "CMMC_2_0_PHYSICAL_PROTECTION" "CMMC_2_0_PERSONNEL_SECURITY" "CMMC_2_0_RECOVERY" "CMMC_2_0_SYSTEM_AND_INFORMATION_INTEGRITY" "CMMC_2_0_SECURITY_ASSESSMENT" "CMMC_2_0_RISK_MANAGEMENT" "RELATIONSHIP_BETWEEN_CLOUD_SERVICE_CUSTOMER_AND_CLOUD_SERVICE_PROVIDER" "ACCESS_CONTROL_OF_CLOUD_SERVICE_CUSTOMER_DATA_IN_SHARED_VIRTUAL_ENV" "FEDRAMP_ACCESS_CONTROL" "FEDRAMP_AWARENESS_AND_TRAINING" "FEDRAMP_AUDIT_AND_ACCOUNTABILITY" "FEDRAMP_SECURITY_ASSESSMENT_AND_AUTHORIZATION" "FEDRAMP_CONFIGURATION_MANAGEMENT" "FEDRAMP_CONTINGENCY_PLANNING" "FEDRAMP_IDENTIFICATION_AND_AUTHENTICATION" "FEDRAMP_INCIDENT_RESPONSE" "FEDRAMP_MAINTENANCE" "FEDRAMP_MEDIA_PROTECTION" "FEDRAMP_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" "FEDRAMP_PLANNING" "FEDRAMP_PERSONNEL_SECURITY" "FEDRAMP_RISK_ASSESSMENT" "FEDRAMP_SYSTEM_AND_SERVICES_ACQUISITION" "FEDRAMP_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "FEDRAMP_SYSTEM_AND_INFORMATION_INTEGRITY" "FEDRAMP_SUPPLY_CHAIN_RISK_MANAGEMENT" "FEDRAMP_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "CONSENT_AND_CHOICE" "PURPOSE_LEGITIMACY_AND_SPECIFICATION" "DATA_MINIMIZATION" 
"USE_RETENTION_AND_DISCLOSURE_LIMITATION" "ACCURACY_AND_QUALITY" "ACCOUNTABILITY" "INFORMATION_SECURITY" "PRIVACY_COMPLIANCE" "ISO27701_8_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO27701_8_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO27701_8_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO27701_8_PII_SHARING_TRANSFER_AND_DISCLOSURE" "NIST_CSF_2_0_ORGANIZATIONAL_CONTEXT_GV_OC" "NIST_CSF_2_0_RISK_MANAGEMENT_STRATEGY_GV_RM" "NIST_CSF_2_0_ROLES_RESPONSIBILITIES_AND_AUTHORITIES_GV_RR" "NIST_CSF_2_0_POLICY_GV_PO" "NIST_CSF_2_0_OVERSIGHT_GV_OV" "NIST_CSF_2_0_CYBERSECURITY_SUPPLY_CHAIN_RISK_MANAGEMENT_GV_SC" "NIST_CSF_2_0_ASSET_MANAGEMENT_ID_AM" "NIST_CSF_2_0_RISK_ASSESSMENT_ID_RA" "NIST_CSF_2_0_IMPROVEMENT_ID_IM" "NIST_CSF_2_0_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL_PR_AA" "NIST_CSF_2_0_AWARENESS_AND_TRAINING_PR_AT" "NIST_CSF_2_0_DATA_SECURITY_PR_DS" "NIST_CSF_2_0_PLATFORM_SECURITY_PR_PS" "NIST_CSF_2_0_TECHNOLOGY_INFRASTRUCTURE_RESILIENCE_PR_IR" "NIST_CSF_2_0_CONTINUOUS_MONITORING_DE_CM" "NIST_CSF_2_0_ADVERSE_EVENT_ANALYSIS_DE_AE" "NIST_CSF_2_0_INCIDENT_MANAGEMENT_RS_MA" "NIST_CSF_2_0_INCIDENT_ANALYSIS_RS_AN" "NIST_CSF_2_0_INCIDENT_RESPONSE_REPORTING_AND_COMMUNICATION_RS_CO" "NIST_CSF_2_0_INCIDENT_MITIGATION_RS_MI" "NIST_CSF_2_0_INCIDENT_RECOVERY_PLAN_EXECUTION_RC_RP" "NIST_CSF_2_0_INCIDENT_RECOVERY_COMMUNICATION_RC_CO"
Example: subCategory=CODES_OF_CONDUCT_AND_CERTIFICATION&subCategory=COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS
level
string or null

The id of the level

Enum: "SECURITY_LOW" "SECURITY_MODERATE" "SECURITY_HIGH" "LEVEL_1" "LEVEL_2" "BASELINE" "EVOLVING" "INTERMEDIATE" "ADVANCED" "INNOVATIVE"
Example: level=SECURITY_HIGH
customCategory
string or null

Filter requirements on their custom category

Example: customCategory=Custom Category 1
frameworkId
required
number

The framework ID

Example: frameworkId=1
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Record Not Found

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

GET /public/frameworks/requirements
Response samples
application/json
{
  "data": [
    { }
  ],
  "page": 1,
  "limit": 10,
  "total": 100
}
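A client-side sketch of the query encoding and paging described above, added here as an example and not taken from Drata's own code or SDK. It assumes booleans are sent as lowercase `true`/`false`; `fetch` is a hypothetical caller-supplied function that performs the GET with the bearer token, and `fake_fetch` is a constructed offline stand-in for the API.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

PATH = "/public/frameworks/requirements"  # endpoint path from this page
MAX_LIMIT = 50                            # documented range for limit: 1..50


def build_query(framework_id, page=1, limit=20, **filters):
    """Encode parameters as documented: arrays as repeated keys, unset (None) omitted."""
    if page < 1:
        raise ValueError("page must be >= 1")
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and 50")
    params = [("frameworkId", framework_id), ("page", page), ("limit", limit)]
    for key, value in filters.items():
        if value is None:
            continue
        values = value if isinstance(value, (list, tuple)) else [value]
        for v in values:
            if isinstance(v, bool):
                v = "true" if v else "false"  # assumption: lowercase booleans
            params.append((key, v))
    return urlencode(params)


def iter_requirements(fetch, framework_id, limit=MAX_LIMIT, **filters):
    """Yield every matching requirement, using page/limit/total from each response."""
    page, seen = 1, 0
    while True:
        body = fetch(f"{PATH}?{build_query(framework_id, page, limit, **filters)}")
        items = body.get("data", [])
        yield from items
        seen += len(items)
        if not items or seen >= body.get("total", 0):
            return
        page += 1


def fake_fetch(url):
    # Constructed stand-in: 120 fake requirements, honours page, limit, excludeIds.
    q = parse_qs(urlsplit(url).query)
    page, limit = int(q["page"][0]), int(q["limit"][0])
    excluded = {int(i) for i in q.get("excludeIds", [])}
    rows = [{"id": i} for i in range(1, 121) if i not in excluded]
    start = (page - 1) * limit
    return {"data": rows[start:start + limit], "page": page,
            "limit": limit, "total": len(rows)}
```

In real use, `fetch` would send the request over HTTPS with the `Authorization: Bearer` header and raise on the 4xx/5xx codes listed under Responses, keeping the token out of URLs and logs.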