page (number)
Default: 1
Which page of data are you requesting

limit (number) [ 1 .. 50 ]
Default: 20
How many items are you requesting

q (string)
Filter data by searching for control names, codes, or descriptions
Example: q=Least-Privileged Policy for Customer Data Access

frameworkTags (Array of strings)
Filter data by controls associated with these framework tags
Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "FEDRAMP" "NISTAI" "PCI4" "NISTCSF2" "NIS2" "DORA" "ISO420012023" "DRATA_ESSENTIALS" "NIST800171R3" "CUSTOM"
Example: frameworkTags=SOC_2&frameworkTags=ISO27001

frameworkSlug (string)
Filter data by controls associated with this custom framework slug
Example: frameworkSlug=soc2

trustServiceCriterion (string)
Filter controls on their Trust Service Criteria
Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY"
Example: trustServiceCriterion=AVAILABILITY

trustServiceCriteria (Array of strings)
Filter controls on their Trust Service Criteria
Items Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY"
Example: trustServiceCriteria=AVAILABILITY&trustServiceCriteria=CONFIDENTIALITY

ismsCategory (Array of strings)
Filter controls on their ISMS requirements
Items Enum: "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT"
Example: ismsCategory=CONTEXT_OF_THE_ORGANIZATION&ismsCategory=LEADERSHIP

isms2022Category (Array of strings)
Filter controls on their ISMS requirements
Items Enum: "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT"
Example: isms2022Category=CONTEXT_OF_THE_ORGANIZATION&isms2022Category=LEADERSHIP

isAnnexA2022 (boolean)
Filter controls on whether they are an Annex A requirement
Example: isAnnexA2022=true

rules (Array of strings)
Filter controls on their HIPAA rules
Items Enum: "SECURITY" "BREACH_NOTIFICATION" "PRIVACY"
Example: rules=BREACH_NOTIFICATION&rules=PRIVACY

subRules (Array of strings)
Filter controls on their HIPAA rules
Items Enum: "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES"
Example: subRules=GENERAL_RULES&subRules=ADMINISTRATIVE_SAFEGUARDS

pciRequirements (Array of strings)
Filter controls on their PCI requirements
Items Enum: "FIREWALL" "PASSWORDS" "DATA_AT_REST_PROTECTION" "DATA_IN_TRANSIT_ENCRYPTION" "MALWARE_PROTECTION" "SECURE_SYSTEM_MANAGEMENT" "ACCESS_RESTRICTION" "SYSTEM_ACCESS_CONTROL" "PHYSICAL_ACCESS_CONTROL" "NETWORK_ACCESS_MONITORING" "VULNERABILITY_TESTING" "INFORMATION_SECURITY_POLICY"
Example: pciRequirements=FIREWALL&pciRequirements=ACCESS_RESTRICTION

chapters (Array of strings)
Filter controls on their GDPR chapters
Items Enum: "PRINCIPLES" "RIGHTS_OF_THE_DATA_SUBJECT" "CONTROLLER_AND_PROCESSOR" "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_OR_INTERNATIONAL_ORGANIZATIONS"
Example: chapters=CONTROLLER_AND_PROCESSOR&chapters=PRINCIPLES

statutes (Array of strings)
Filter controls on their CCPA statutes
Items Enum: "INDIVIDUAL_RIGHTS" "SERVICE_PROVIDER" "SECURITY"
Example: statutes=INDIVIDUAL_RIGHTS&statutes=SERVICE_PROVIDER

regulations (Array of strings)
Filter controls on their CCPA regulations
Items Enum: "NOTICES_TO_CONSUMERS" "BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "VERIFICATION_OF_REQUESTS" "SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "NON_DISCRIMINATION" "GENERAL_PROVISIONS" "REQUIRED_DISCLOSURES_TO_CONSUMERS" "SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "TRAINING_AND_RECORD_KEEPING"
Example: regulations=BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS&regulations=NON_DISCRIMINATION

functions (Array of strings)
Filter controls on their NIST CSF Functions
Items Enum: "IDENTIFY" "PROTECT" "DETECT" "RESPOND" "RECOVER"
Example: functions=RECOVER&functions=RESPOND

functions2 (Array of strings)
Filter controls on their NIST CSF 2.0 Functions
Items Enum: "GOVERN_GV" "IDENTIFY_ID" "PROTECT_PR" "DETECT_DE" "RESPOND_RS" "RECOVER_RC"
Example: functions2=GOVERN_GV&functions2=IDENTIFY_ID

sections (Array of strings)
Filter controls on their MSSSPA Section
Items Enum: "MANAGEMENT" "NOTICE" "CHOICE_AND_CONSENT" "COLLECTION" "RETENTION" "DATA_SUBJECTS" "DISCLOSURE_TO_THIRD_PARTIES" "QUALITY" "MONITORING_AND_ENFORCEMENT" "SECURITY"
Example: sections=DATA_SUBJECTS&sections=CHOICE_AND_CONSENT

controlFamilies (Array of strings)
Filter controls on their NIST SP 800-171 Control Family
Items Enum: "AUDIT_AND_ACCOUNTABILITY" "CONFIGURATION_MANAGEMENT" "IDENTIFICATION_AND_AUTHENTICATION" "INCIDENT_RESPONSE" "MEDIA_PROTECTION" "PERSONNEL_SECURITY" "PHYSICAL_PROTECTION" "SECURITY_ASSESSMENT" "SYSTEM_AND_COMMUNICATIONS_PROTECTION" "SYSTEM_AND_INFORMATION_INTEGRITY" "ACCESS_CONTROL" "AWARENESS_AND_TRAINING" "MAINTENANCE" "RISK_ASSESSMENT"
Example: controlFamilies=ACCESS_CONTROL&controlFamilies=PERSONNEL_SECURITY

controlClasses (Array of strings)
Filter controls on their NIST SP 800-171 Control Class
Items Enum: "TECHNICAL" "OPERATIONAL" "MANAGEMENT"
Example: controlClasses=TECHNICAL

iso27701 (Array of strings)
Filter controls on their ISO27701 requirements
Items Enum: "PIMS_SPECIFIC_REQUIREMENTS" "PIMS_SPECIFIC_GUIDANCE" "ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES" "ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE" "ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ANNEX_A_OBLIGATIONS_TO_PII_PRINCIPALS" "ANNEX_A_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ANNEX_A_PII_SHARING_TRANSFER_AND_DISCLOSURE"
Example: iso27701=ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING

cobit (Array of strings)
Filter controls on their COBIT requirements
Items Enum: "EVALUATE_DIRECT_AND_MONITOR" "ALIGN_PLAN_AND_ORGANIZE" "BUILD_ACQUIRE_AND_IMPLEMENT" "DELIVER_SERVICE_AND_SUPPORT" "MONITOR_EVALUATE_AND_ASSESS"
Example: cobit=ALIGN_PLAN_AND_ORGANIZE

soxitgc (Array of strings)
Filter controls on their SOX requirements
Items Enum: "PROGRAM_DEVELOPMENT" "CHANGE_MANAGEMENT" "SYSTEM_OPERATIONS" "ACCESS_MANAGEMENT"
Example: soxitgc=PROGRAM_DEVELOPMENT

controlBaselines (Array of strings)
Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "TECHNICAL" "OPERATIONAL" "MANAGEMENT"
Example: controlBaselines=OPERATIONAL

cmmcClasses (Array of strings)
Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "TECHNICAL" "OPERATIONAL" "MANAGEMENT"
Example: cmmcClasses=MANAGEMENT

domains (Array of strings)
Filter controls on their FFIEC Domains
Items Enum: "CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "THREAT_INTELLIGENCE_AND_COLLABORATION" "CYBERSECURITY_CONTROLS" "EXTERNAL_DEPENDENCY_MANAGEMENT" "CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE"
Example: domains=CYBERSECURITY_CONTROLS

assessmentFactors (Array of strings)
Filter controls on their FFIEC Assessment Factors
Items Enum: "GOVERNANCE" "RISK_MANAGEMENT" "RESOURCES" "TRAINING_AND_CULTURE" "THREAT_INTELLIGENCE" "MONITORING_AND_ANALYZING" "INFORMATION_SHARING" "PREVENTATIVE_CONTROLS" "DETECTIVE_CONTROLS" "CORRECTIVE_CONTROLS" "CONNECTIONS" "RELATIONSHIP_MANAGEMENT" "INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "DETECTION_RESPONSE_AND_MITIGATION" "ESCALATION_AND_REPORTING"
Example: assessmentFactors=GOVERNANCE

articles (Array of strings)
Filters controls by their NIS 2 Articles
Items Enum: "GOVERNANCE" "RISK_MANAGEMENT" "REPORTING"
Example: articles=GOVERNANCE

doraChapters (Array of strings)
Filters controls by their DORA Standards
Items Enum: "REGULATION" "ICT_RMF_RTS"
Example: doraChapters=ICT_RMF_RTS

drataFunctions (Array of strings)
Filters controls by their Drata Essentials Function
Items Enum: "PROTECT" "RECOVER" "RESPOND" "IDENTIFY" "DETECT" "GOVERN"
Example: drataFunctions=DETECT

iso420012023 (Array of strings)
Filters controls by their ISO42001 Sections
Items Enum: "RESOURCES_FOR_AI_SYSTEMS" "INTERNAL_ORGANIZATION" "AI_SYSTEM_LIFE_CYCLE" "ASSESSING_IMPACTS_OF_AI_SYSTEMS" "DATA_FOR_AI_SYSTEMS" "INFORMATION_FOR_INTERESTED_PARTIES_OF_AI_SYSTEMS" "USE_OF_AI_SYSTEMS" "THIRD_PARTY_AND_CUSTOMER_RELATIONSHIPS" "POLICIES_RELATED_TO_AI" "SUPPORT" "OPERATION" "CONTEXT_OF_THE_ORGANIZATION" "PERFORMANCE_EVALUATION" "PLANNING" "LEADERSHIP" "IMPROVEMENT"
Example: iso420012023=AI_SYSTEM_LIFE_CYCLE

nist800171r3ControlFamilies (Array of strings)
Filter controls on their NIST SP 800-171 R3 Control Family
Items Enum: "INCIDENT_RESPONSE" "SUPPLY_CHAIN_RISK_MANAGEMENT" "MEDIA_PROTECTION" "AUDIT_AND_ACCOUNTABILITY" "ACCESS_CONTROL" "PHYSICAL_PROTECTION" "CONFIGURATION_MANAGEMENT" "SYSTEM_AND_COMMUNICATIONS_PROTECTION" "IDENTIFICATION_AND_AUTHENTICATION" "PLANNING" "MAINTENANCE" "RISK_ASSESSMENT" "SYSTEM_AND_INFORMATION_INTEGRITY" "SECURITY_ASSESSMENT_AND_MONITORING" "SYSTEM_AND_SERVICES_ACQUISITION" "AWARENESS_AND_TRAINING" "PERSONNEL_SECURITY"
Example: nist800171r3ControlFamilies=ACCESS_CONTROL&nist800171r3ControlFamilies=PERSONNEL_SECURITY

nist800171r3ControlClasses (Array of strings)
Filter controls on their NIST SP 800-171 R3 Control Class
Items Enum: "OPERATIONAL" "MANAGEMENT" "TECHNICAL"
Example: nist800171r3ControlClasses=TECHNICAL

userIds (Array of numbers)
User Ids of Control Owners
Example: userIds=1

isOwned (boolean)
Filter controls on whether they have a control owner
Example: isOwned=true

isReady (boolean)
Filter controls on whether they are ready
Example: isReady=true

isAnnexA (boolean)
Filter controls on whether they are an Annex A requirement
Example: isAnnexA=true

isArchived (boolean)
Filter to controls that are or are not archived
Example: isArchived=false

isMonitored (boolean)
Filter to controls that are or are not monitored
Example: isMonitored=false

hasEvidence (boolean)
Filter to controls with or without evidence
Example: hasEvidence=true

hasPolicy (boolean)
Filter to controls with or without a policy
Example: hasPolicy=true

hasPassingTest (boolean)
Filter to controls with at least one passing test
Example: hasPassingTest=true

excludeIds (Array of numbers)
Exclude controls by an array of ids
Example:

excludeRequirementId (number)
Exclude controls if they are mapped to this requirement id
Example:

requirementId (number)
Only include controls if they are mapped to this requirement id
Example:

excludeTestId (number)
Exclude controls if they are mapped to this test id
Example:

testId (number)
Only include controls if they are mapped to this test id
Example:

hasTicket (string)
Only include controls if they are associated with a task management ticket
Enum: "IN_PROGRESS" "ARCHIVED"
Example: hasTicket=0

connectionId (number)
This is filled in automatically when a taskManagementStatus is used.

reviewersIds (Array of numbers)
User Ids of Control Reviewers
Example: reviewersIds=1

taskOwnersIds (Array of numbers)
Example: taskOwnersIds=1

workspaceId (number)
ID of the workspace associated with the controls
Example: workspaceId=1
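As an added example (not Drata's own client code), the following Python builds a validated query string for this endpoint: it enforces the page and limit bounds listed above, rejects values outside the documented enums, serialises booleans as true/false and multi-valued parameters as repeated keys exactly as the examples show, and then walks every page. The `fetch` callback and the stop-on-short-page rule are assumptions, since the response shape is not described on this page.

```python
from urllib.parse import urlencode

# Allowed values copied from the parameter reference above (a subset; extend as needed).
ENUMS = {
    "frameworkTags": {"NONE", "SOC_2", "ISO27001", "CCPA", "GDPR", "HIPAA", "PCI", "SCF",
                      "NIST80053", "NISTCSF", "CMMC", "NIST800171", "FEDRAMP", "CUSTOM"},
    "functions2": {"GOVERN_GV", "IDENTIFY_ID", "PROTECT_PR", "DETECT_DE", "RESPOND_RS", "RECOVER_RC"},
    "rules": {"SECURITY", "BREACH_NOTIFICATION", "PRIVACY"},
    "hasTicket": {"IN_PROGRESS", "ARCHIVED"},
}
# Multi-valued parameters are sent as repeated keys, e.g. frameworkTags=SOC_2&frameworkTags=ISO27001.
ARRAY_PARAMS = {"frameworkTags", "functions2", "rules", "userIds", "excludeIds", "reviewersIds"}
BOOL_PARAMS = {"isOwned", "isReady", "isAnnexA", "isArchived", "isMonitored",
               "hasEvidence", "hasPolicy", "hasPassingTest"}


def build_query(page=1, limit=20, **filters):
    """Return a validated query string for the controls list endpoint."""
    if type(page) is not int or page < 1 or type(limit) is not int or not 1 <= limit <= 50:
        raise ValueError("page must be an integer >= 1 and limit an integer in [1, 50]")
    params = {"page": page, "limit": limit}
    for name, value in filters.items():
        if name in BOOL_PARAMS:
            if not isinstance(value, bool):
                raise ValueError(f"{name} must be a bool")
            params[name] = "true" if value else "false"  # serialised as in the examples above
        elif name in ARRAY_PARAMS:
            values = [value] if isinstance(value, (str, int)) else list(value)
            allowed = ENUMS.get(name)
            bad = [v for v in values if allowed is not None and v not in allowed]
            if bad:
                raise ValueError(f"{name}: unknown value(s) {bad}")
            params[name] = values  # urlencode(doseq=True) expands a list into repeated keys
        else:
            if name in ENUMS and value not in ENUMS[name]:
                raise ValueError(f"{name}: unknown value {value!r}")
            params[name] = value
    return urlencode(params, doseq=True)


def iter_controls(fetch, limit=50, **filters):
    """Yield every matching control by requesting page 1, 2, ... until a short page.
    `fetch` is an assumed caller-supplied callable: it takes the query string, performs the
    authenticated GET and returns that page's list of controls (assumed response shape)."""
    page = 1
    while True:
        items = fetch(build_query(page=page, limit=limit, **filters))
        yield from items
        if len(items) < limit:  # assumption: a page shorter than `limit` is the last one
            return
        page += 1
```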