page | number Default: 1 Which page of data are you requesting
Example: page=1 |
limit | number <= 50 Default: 20 How many items are you requesting
Example: limit=10 |
nextPage | string Example: nextPage=d2lraS9hcGkvdjIvcGFnZXM/bGltaXQ9MTAmY3Vyc29yPWV5SnBaQ0k2SWpJM05USTJPVGdpTENKamIyNTBSUGNtUmxjbFpoYkhWbElqb3lOelV5TmprNGZRPT0= |
q | string Filter data by searching for control names, codes, or descriptions
Example: q=Least-Privileged Policy for Customer Data Access |
frameworkTags | Array of strings Filter data by controls associated with these framework tags
Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "CUSTOM" Example: frameworkTags=SOC_2&frameworkTags=ISO27001 |
frameworkSlug | string Filter data by controls associated with this custom framework slug
Example: frameworkSlug=soc2 |
trustServiceCriterion | string Filter controls on their Trust Service Criteria
Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriterion=AVAILABILITY |
trustServiceCriteria | Array of strings Filter controls on their Trust Service Criteria
Items Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriteria=AVAILABILITY&trustServiceCriteria=CONFIDENTIALITY |
ismsCategory | Array of strings Filter controls on their ISMS requirements
Items Enum: "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" Example: ismsCategory=CONTEXT_OF_THE_ORGANIZATION&ismsCategory=LEADERSHIP |
isms2022Category | Array of strings Filter controls on their ISMS requirements
Items Enum: "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION" "ISO_27001_2022_5_LEADERSHIP" "ISO_27001_2022_6_PLANNING" "ISO_27001_2022_7_SUPPORT" "ISO_27001_2022_8_OPERATION" "ISO_27001_2022_9_PERFORMANCE_EVALUATION" "ISO_27001_2022_10_IMPROVEMENT" Example: isms2022Category=ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION&isms2022Category=ISO_27001_2022_5_LEADERSHIP |
isAnnexA2022 | boolean Filter controls on if they are an Annex A requirement
Example: isAnnexA2022=true |
rules | Array of strings Filter controls on their HIPAA rules
Items Enum: "SECURITY" "BREACH_NOTIFICATION" "PRIVACY" Example: rules=BREACH_NOTIFICATION&rules=PRIVACY |
subRules | Array of strings Filter controls on their HIPAA rules
Items Enum: "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" Example: subRules=GENERAL_RULES&subRules=ADMINISTRATIVE_SAFEGUARDS |
pciRequirements | Array of strings Filter controls on their PCI requirements
Items Enum: "FIREWALL" "PASSWORDS" "DATA_AT_REST_PROTECTION" "DATA_IN_TRANSIT_ENCRYPTION" "MALWARE_PROTECTION" "SECURE_SYSTEM_MANAGEMENT" "ACCESS_RESTRICTION" "SYSTEM_ACCESS_CONTROL" "PHYSICAL_ACCESS_CONTROL" "NETWORK_ACCESS_MONITORING" "VULNERABILITY_TESTING" "INFORMATION_SECURITY_POLICY" Example: pciRequirements=FIREWALL&pciRequirements=ACCESS_RESTRICTION |
chapters | Array of strings Filter controls on their GDPR chapters
Items Enum: "PRINCIPLES" "RIGHTS_OF_THE_DATA_SUBJECT" "CONTROLLER_AND_PROCESSOR" "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS" Example: chapters=CONTROLLER_AND_PROCESSOR&chapters=PRINCIPLES |
statutes | Array of strings Filter controls on their CCPA statutes
Items Enum: "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_SECURITY" Example: statutes=CCPA_INDIVIDUAL_RIGHTS&statutes=CCPA_SERVICE_PROVIDER |
regulations | Array of strings Filter controls on their CCPA regulations
Items Enum: "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" Example: regulations=CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS&regulations=CCPA_NON_DISCRIMINATION |
functions | Array of strings Filter controls on their NIST CSF Functions
Items Enum: "IDENTIFY" "PROTECT" "DETECT" "RESPOND" "RECOVER" Example: functions=RECOVER&functions=RESPOND |
sections | Array of strings Filter controls on their MSSSPA Section
Items Enum: "MANAGEMENT" "NOTICE" "CHOICE_AND_CONSENT" "COLLECTION" "RETENTION" "DATA_SUBJECTS" "DISCLOSURE_TO_THIRD_PARTIES" "QUALITY" "MONITORING_AND_ENFORCEMENT" "MS_SSPA_SECURITY" Example: sections=DATA_SUBJECTS&sections=CHOICE_AND_CONSENT |
controlFamilies | Array of strings Filter controls on their NIST SP 800-171 Control Family
Items Enum: "AUDIT_AND_ACCOUNTABILITY" "CONFIGURATION_MANAGEMENT" "IDENTIFICATION_AND_AUTHENTICATION" "INCIDENT_RESPONSE" "MEDIA_PROTECTION" "PERSONNEL_SECURITY" "PHYSICAL_PROTECTION" "SECURITY_ASSESSMENT" "SYSTEM_AND_COMMUNICATIONS_PROTECTION" "SYSTEM_AND_INFORMATION_INTEGRITY" "NIST_800_171_ACCESS_CONTROL" "NIST_800_171_AWARENESS_AND_TRAINING" "NIST_800_171_MAINTENANCE" "NIST_800_171_RISK_ASSESSMENT" Example: controlFamilies=NIST_800_171_ACCESS_CONTROL&controlFamilies=PERSONNEL_SECURITY |
controlClasses | Array of strings Filter controls on their NIST SP 800-171 Control Class
Items Enum: "TECHNICAL" "OPERATIONAL" "NIST_800_171_MANAGEMENT" Example: controlClasses=TECHNICAL |
iso27701 | Array of strings Filter controls on their ISO27701 requirements
Items Enum: "PIMS_SPECIFIC_REQUIREMENTS" "PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" Example: iso27701=PII_CONTROLS_GUIDANCE |
cobit | Array of strings Filter controls on their COBIT requirements
Items Enum: "EVALUATE_DIRECT_AND_MONITOR" "ALIGN_PLAN_AND_ORGANIZE" "BUILD_ACQUIRE_AND_IMPLEMENT" "DELIVER_SERVICE_AND_SUPPORT" "MONITOR_EVALUATE_AND_ASSESS" Example: cobit=ALIGN_PLAN_AND_ORGANIZE |
soxitgc | Array of strings Filter controls on their SOX requirements
Items Enum: "PROGRAM_DEVELOPMENT" "CHANGE_MANAGEMENT" "SYSTEM_OPERATIONS" "ACCESS_MANAGEMENT" Example: soxitgc=PROGRAM_DEVELOPMENT |
controlBaselines | Array of strings Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "NIST_800_53_TECHNICAL" "NIST_800_53_OPERATIONAL" "NIST_800_53_MANAGEMENT" Example: controlBaselines=NIST_800_53_OPERATIONAL |
cmmcClasses | Array of strings Filter controls on their NIST SP 800-53 Control Baseline
Items Enum: "CMMC_TECHNICAL" "CMMC_OPERATIONAL" "CMMC_MANAGEMENT" Example: cmmcClasses=CMMC_MANAGEMENT |
domains | Array of strings Filter controls on their FFIEC Domains
Items Enum: "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" Example: domains=FFIEC_CYBERSECURITY_CONTROLS |
assessmentFactors | Array of strings Filter controls on their FFIEC Assessment Factors
Items Enum: "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" "FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" Example: assessmentFactors=FFIEC_GOVERNANCE |
userIds | Array of numbers User Ids of Control Owners
Example: userIds=1 |
isOwned | boolean Filter controls on if they have a control owner
Example: isOwned=true |
isReady | boolean Filter controls on if they are ready
Example: isReady=true |
isAnnexA | boolean Filter controls on if they are an Annex A requirement
Example: isAnnexA=true |
isArchived | boolean Filter to controls that are or are not archived
|
isMonitored | boolean Filter to controls that are or are not monitored
|
hasEvidence | boolean Filter to controls with or without evidence
Example: hasEvidence=true |
hasPassingTest | boolean Filter to controls with at least one passing test
Example: hasPassingTest=true |
excludeIds | Array of numbers Exclude controls by array of id
Example: |
excludeRequirementId | number Exclude controls if they are mapped to this requirement id
Example: |
requirementId | number Only include controls if they are mapped to this requirement id
Example: |
excludeTestId | number Exclude controls if they are mapped to this test id
Example: |
testId | number Only include controls if they are mapped to this test id
Example: |
hasTicket | string Only include controls if they are associated with a task management ticket
Enum: "IN_PROGRESS" "ARCHIVED" |
connectionId | number This will be filled in automatically when using a taskManagementStatus.
|