pagenumber >= 1
Default: 1
Which page of data are you requesting
limitnumber [ 1 .. 50 ]
Default: 20
How many items are you requesting
qstring
Filter data by searching for control names, codes, or descriptions
Example: q=Least-Privileged Policy for Customer Data Access
frameworkTagsArray of strings
Filter data by controls associated with these framework tags
Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "FEDRAMP" "NISTAI" "PCI4" "NISTCSF2" "NIS2" "DORA" "CUSTOM" Example: frameworkTags=SOC_2&frameworkTags=ISO27001
frameworkSlugstring
Filter data by controls associated with these custom framework Slug
Example: frameworkSlug=soc2
trustServiceCriterionstring
Filter controls on their Trust Service Criteria
Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriterion=AVAILABILITY
trustServiceCriteriaArray of strings
Filter controls on their Trust Service Criteria
Items Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriteria=AVAILABILITY&trustServiceCriteria=CONFIDENTIALITY
ismsCategoryArray of strings
Filter controls on their ISMS requirements
Items Enum: "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" Example: ismsCategory=CONTEXT_OF_THE_ORGANIZATION&ismsCategory=LEADERSHIP
isms2022CategoryArray of strings
Filter controls on their ISMS requirements
Items Enum: "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION" "ISO_27001_2022_5_LEADERSHIP" "ISO_27001_2022_6_PLANNING" "ISO_27001_2022_7_SUPPORT" "ISO_27001_2022_8_OPERATION" "ISO_27001_2022_9_PERFORMANCE_EVALUATION" "ISO_27001_2022_10_IMPROVEMENT" Example: isms2022Category=ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION&isms2022Category=ISO_27001_2022_5_LEADERSHIP
isAnnexA2022boolean
Filter controls on if they are an Annex A requirement
Example: isAnnexA2022=true
rulesArray of strings
Filter controls on their Hipaa rules
Items Enum: "SECURITY" "BREACH_NOTIFICATION" "PRIVACY" Example: rules=BREACH_NOTIFICATION&rules=PRIVACY
subRulesArray of strings
Filter controls on their Hipaa rules
Items Enum: "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" Example: subRules=GENERAL_RULES&subRules=ADMINISTRATIVE_SAFEGUARDS
pciRequirementsArray of strings
Filter controls on their PCI requirements
Items Enum: "FIREWALL" "PASSWORDS" "DATA_AT_REST_PROTECTION" "DATA_IN_TRANSIT_ENCRYPTION" "MALWARE_PROTECTION" "SECURE_SYSTEM_MANAGEMENT" "ACCESS_RESTRICTION" "SYSTEM_ACCESS_CONTROL" "PHYSICAL_ACCESS_CONTROL" "NETWORK_ACCESS_MONITORING" "VULNERABILITY_TESTING" "INFORMATION_SECURITY_POLICY" Example: pciRequirements=FIREWALL&pciRequirements=ACCESS_RESTRICTION
chaptersArray of strings
Filter controls on their GDPR chapters
Items Enum: "PRINCIPLES" "RIGHTS_OF_THE_DATA_SUBJECT" "CONTROLLER_AND_PROCESSOR" "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS" Example: chapters=CONTROLLER_AND_PROCESSOR&chapters=PRINCIPLES
statutesArray of strings
Filter controls on their CCPA statutes
Items Enum: "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_SECURITY" Example: statutes=CCPA_INDIVIDUAL_RIGHTS&statutes=CCPA_SERVICE_PROVIDER
regulationsArray of strings
Filter controls on their CCPA regulations
Items Enum: "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" Example: regulations=CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS®ulations=CCPA_NON_DISCRIMINATION
functionsArray of strings
Filter controls on their NIST CSF Functions
Items Enum: "IDENTIFY" "PROTECT" "DETECT" "RESPOND" "RECOVER" Example: functions=RECOVER&functions=RESPOND
functions2Array of strings
Filter controls on their NIST CSF 2.0 Functions
Items Enum: "NIST_CSF_2_0_GOVERN_GV" "NIST_CSF_2_0_IDENTIFY_ID" "NIST_CSF_2_0_PROTECT_PR" "NIST_CSF_2_0_DETECT_DE" "NIST_CSF_2_0_RESPOND_RS" "NIST_CSF_2_0_RECOVER_RC" Example: functions2=NIST_CSF_2_0_GOVERN_GV&functions2=NIST_CSF_2_0_IDENTIFY_ID
sectionsArray of strings
Filter controls on their MSSSPA Section
Items Enum: "MANAGEMENT" "NOTICE" "CHOICE_AND_CONSENT" "COLLECTION" "RETENTION" "DATA_SUBJECTS" "DISCLOSURE_TO_THIRD_PARTIES" "QUALITY" "MONITORING_AND_ENFORCEMENT" "MS_SSPA_SECURITY" Example: sections=DATA_SUBJECTS§ions=CHOICE_AND_CONSENT
controlFamiliesArray of strings
Filter controls on their NIST SP 800-171 Control Family
Items Enum: "NIST_800_171r2_AUDIT_AND_ACCOUNTABILITY" "NIST_800_171r2_CONFIGURATION_MANAGEMENT" "NIST_800_171r2_IDENTIFICATION_AND_AUTHENTICATION" "NIST_800_171r2_INCIDENT_RESPONSE" "NIST_800_171r2_MEDIA_PROTECTION" "NIST_800_171r2_PERSONNEL_SECURITY" "NIST_800_171r2_PHYSICAL_PROTECTION" "NIST_800_171r2_SECURITY_ASSESSMENT" "NIST_800_171r2_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST_800_171r2_SYSTEM_AND_INFORMATION_INTEGRITY" "NIST_800_171r2_ACCESS_CONTROL" "NIST_800_171r2_AWARENESS_AND_TRAINING" "NIST_800_171r2_MAINTENANCE" "NIST_800_171r2_RISK_ASSESSMENT" Example: controlFamilies=NIST_800_171r2_ACCESS_CONTROL&controlFamilies=NIST_800_171r2_PERSONNEL_SECURITY
controlClassesArray of strings
Filter controls on their NIST SP 800-171 Control Class
Items Enum: "NIST_800_171r2_TECHNICAL" "NIST_800_171r2_OPERATIONAL" "NIST_800_171r2_MANAGEMENT" Example: controlClasses=NIST_800_171r2_TECHNICAL
iso27701Array of strings
Filter controls on their ISO27701 requirements
Items Enum: "PIMS_SPECIFIC_REQUIREMENTS" "PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" "ISO27701_8_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO27701_8_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO27701_8_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO27701_8_PII_SHARING_TRANSFER_AND_DISCLOSURE" "CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "OBLIGATIONS_TO_PII_PRINCIPLES" "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "PII_SHARING_TRANSFER_AND_DISCLOSURE" Example: iso27701=CONDITIONS_FOR_COLLECTION_AND_PROCESSING
cobitArray of strings
Filter controls on their COBIT requirements
Items Enum: "EVALUATE_DIRECT_AND_MONITOR" "ALIGN_PLAN_AND_ORGANIZE" "BUILD_ACQUIRE_AND_IMPLEMENT" "DELIVER_SERVICE_AND_SUPPORT" "MONITOR_EVALUATE_AND_ASSESS" Example: cobit=ALIGN_PLAN_AND_ORGANIZE
soxitgcArray of strings
Filter controls on their SOX requirements
Items Enum: "PROGRAM_DEVELOPMENT" "CHANGE_MANAGEMENT" "SYSTEM_OPERATIONS" "ACCESS_MANAGEMENT" Example: soxitgc=PROGRAM_DEVELOPMENT
controlBaselinesArray of strings
Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "NIST_800_53_TECHNICAL" "NIST_800_53_OPERATIONAL" "NIST_800_53_MANAGEMENT" Example: controlBaselines=NIST_800_53_OPERATIONAL
cmmcClassesArray of strings
Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "CMMC_2_0_TECHNICAL" "CMMC_2_0_OPERATIONAL" "CMMC_2_0_MANAGEMENT" Example: cmmcClasses=CMMC_2_0_MANAGEMENT
domainsArray of strings
Filter controls on their FFIEC Domains
Items Enum: "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" Example: domains=FFIEC_CYBERSECURITY_CONTROLS
assessmentFactorsArray of strings
Filter controls on their FFIEC Assessment Factors
Items Enum: "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" "FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" Example: assessmentFactors=FFIEC_GOVERNANCE
articlesArray of strings
Filters controls by their NIS 2 Articles
Items Enum: "NIS_2_GOVERNANCE" "NIS_2_RISK_MANAGEMENT" "NIS_2_REPORTING" Example: articles=NIS_2_GOVERNANCE
doraChaptersArray of strings
Filters controls by their DORA Standards
Items Enum: "DORA_REGULATION" "DORA_ICT_RMF_RTS" Example: doraChapters=DORA_ICT_RMF_RTS
userIdsArray of numbers
User Ids of Control Owners
Example: userIds=1
isOwnedboolean
Filter controls on if they have a control owner
Example: isOwned=true
isReadyboolean
Filter controls on if they are ready
Example: isReady=true
isAnnexAboolean
Filter controls on if they are an Annex A requirement
Example: isAnnexA=true
isArchivedboolean
Filter to controls that are or are not archived
isMonitoredboolean
Filter to controls that are or are not monitored
hasEvidenceboolean
Filter to controls with or without evidence
Example: hasEvidence=true
hasPolicyboolean
Filter to controls with or without policy
Example: hasPolicy=true
hasPassingTestboolean
Filter to controls with at least one passing test
Example: hasPassingTest=true
excludeIdsArray of numbers
Exclude controls by array of id
Example:
excludeRequirementIdnumber
Exclude controls if they are mapped to this requirement id
Example:
requirementIdnumber
Only include controls if they are mapped to this requirement id
Example:
excludeTestIdnumber
Exclude controls if they are mapped to this test id
Example:
testIdnumber
Only include controls if they are mapped to this test id
Example:
hasTicketstring
Only include controls if they associted to a task management ticket
Enum: "IN_PROGRESS" "ARCHIVED" connectionIdnumber
This will be filled in automatic when using a taskManagementStatus.
reviewersIdsArray of numbers
User Ids of Control Reviewers
Example: reviewersIds=1
taskOwnersIdsArray of numbers
Example: taskOwnersIds=1
workspaceIdnumber
ID of the workspace associated with the controls
Example: workspaceId=1