Find controls by search terms and filters

List Controls given the provided search terms and filters

Securitybearer

Request

query Parameters

page	number >= 1 Default: 1 Which page of data are you requesting
limit	number [ 1 .. 50 ] Default: 20 How many items are you requesting
q	string Filter data by searching for control names, codes, or descriptions Example: q=Least-Privileged Policy for Customer Data Access
frameworkTags	Array of strings Filter data by controls associated with these framework tags Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "FEDRAMP" "NISTAI" "PCI4" "CUSTOM" Example: frameworkTags=SOC_2&frameworkTags=ISO27001
frameworkSlug	string Filter data by controls associated with these custom framework Slug Example: frameworkSlug=soc2
trustServiceCriterion	string Filter controls on their Trust Service Criteria Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriterion=AVAILABILITY
trustServiceCriteria	Array of strings Filter controls on their Trust Service Criteria Items Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY" Example: trustServiceCriteria=AVAILABILITY&trustServiceCriteria=CONFIDENTIALITY
ismsCategory	Array of strings Filter controls on their ISMS requirements Items Enum: "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" Example: ismsCategory=CONTEXT_OF_THE_ORGANIZATION&ismsCategory=LEADERSHIP
isms2022Category	Array of strings Filter controls on their ISMS requirements Items Enum: "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION" "ISO_27001_2022_5_LEADERSHIP" "ISO_27001_2022_6_PLANNING" "ISO_27001_2022_7_SUPPORT" "ISO_27001_2022_8_OPERATION" "ISO_27001_2022_9_PERFORMANCE_EVALUATION" "ISO_27001_2022_10_IMPROVEMENT" Example: isms2022Category=ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION&isms2022Category=ISO_27001_2022_5_LEADERSHIP
isAnnexA2022	boolean Filter controls on if they are an Annex A requirement Example: isAnnexA2022=true
rules	Array of strings Filter controls on their Hipaa rules Items Enum: "SECURITY" "BREACH_NOTIFICATION" "PRIVACY" Example: rules=BREACH_NOTIFICATION&rules=PRIVACY
subRules	Array of strings Filter controls on their Hipaa rules Items Enum: "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" Example: subRules=GENERAL_RULES&subRules=ADMINISTRATIVE_SAFEGUARDS
pciRequirements	Array of strings Filter controls on their PCI requirements Items Enum: "FIREWALL" "PASSWORDS" "DATA_AT_REST_PROTECTION" "DATA_IN_TRANSIT_ENCRYPTION" "MALWARE_PROTECTION" "SECURE_SYSTEM_MANAGEMENT" "ACCESS_RESTRICTION" "SYSTEM_ACCESS_CONTROL" "PHYSICAL_ACCESS_CONTROL" "NETWORK_ACCESS_MONITORING" "VULNERABILITY_TESTING" "INFORMATION_SECURITY_POLICY" Example: pciRequirements=FIREWALL&pciRequirements=ACCESS_RESTRICTION
chapters	Array of strings Filter controls on their GDPR chapters Items Enum: "PRINCIPLES" "RIGHTS_OF_THE_DATA_SUBJECT" "CONTROLLER_AND_PROCESSOR" "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS" Example: chapters=CONTROLLER_AND_PROCESSOR&chapters=PRINCIPLES
statutes	Array of strings Filter controls on their CCPA statutes Items Enum: "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_SECURITY" Example: statutes=CCPA_INDIVIDUAL_RIGHTS&statutes=CCPA_SERVICE_PROVIDER
regulations	Array of strings Filter controls on their CCPA regulations Items Enum: "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" Example: regulations=CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS&regulations=CCPA_NON_DISCRIMINATION
functions	Array of strings Filter controls on their NIST CSF Functions Items Enum: "IDENTIFY" "PROTECT" "DETECT" "RESPOND" "RECOVER" Example: functions=RECOVER&functions=RESPOND
sections	Array of strings Filter controls on their MSSSPA Section Items Enum: "MANAGEMENT" "NOTICE" "CHOICE_AND_CONSENT" "COLLECTION" "RETENTION" "DATA_SUBJECTS" "DISCLOSURE_TO_THIRD_PARTIES" "QUALITY" "MONITORING_AND_ENFORCEMENT" "MS_SSPA_SECURITY" Example: sections=DATA_SUBJECTS&sections=CHOICE_AND_CONSENT
controlFamilies	Array of strings Filter controls on their NIST SP 800-171 Control Family Items Enum: "AUDIT_AND_ACCOUNTABILITY" "CONFIGURATION_MANAGEMENT" "IDENTIFICATION_AND_AUTHENTICATION" "INCIDENT_RESPONSE" "MEDIA_PROTECTION" "PERSONNEL_SECURITY" "PHYSICAL_PROTECTION" "SECURITY_ASSESSMENT" "SYSTEM_AND_COMMUNICATIONS_PROTECTION" "SYSTEM_AND_INFORMATION_INTEGRITY" "NIST_800_171_ACCESS_CONTROL" "NIST_800_171_AWARENESS_AND_TRAINING" "NIST_800_171_MAINTENANCE" "NIST_800_171_RISK_ASSESSMENT" Example: controlFamilies=NIST_800_171_ACCESS_CONTROL&controlFamilies=PERSONNEL_SECURITY
controlClasses	Array of strings Filter controls on their NIST SP 800-171 Control Class Items Enum: "TECHNICAL" "OPERATIONAL" "NIST_800_171_MANAGEMENT" Example: controlClasses=TECHNICAL
iso27701	Array of strings Filter controls on their ISO27701 requirements Items Enum: "PIMS_SPECIFIC_REQUIREMENTS" "PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" Example: iso27701=PII_CONTROLS_GUIDANCE
cobit	Array of strings Filter controls on their COBIT requirements Items Enum: "EVALUATE_DIRECT_AND_MONITOR" "ALIGN_PLAN_AND_ORGANIZE" "BUILD_ACQUIRE_AND_IMPLEMENT" "DELIVER_SERVICE_AND_SUPPORT" "MONITOR_EVALUATE_AND_ASSESS" Example: cobit=ALIGN_PLAN_AND_ORGANIZE
soxitgc	Array of strings Filter controls on their SOX requirements Items Enum: "PROGRAM_DEVELOPMENT" "CHANGE_MANAGEMENT" "SYSTEM_OPERATIONS" "ACCESS_MANAGEMENT" Example: soxitgc=PROGRAM_DEVELOPMENT
controlBaselines	Array of strings Filter controls on their NIST SP 800-53 Control Baseline Items Enum: "NIST_800_53_TECHNICAL" "NIST_800_53_OPERATIONAL" "NIST_800_53_MANAGEMENT" Example: controlBaselines=NIST_800_53_OPERATIONAL
cmmcClasses	Array of strings Filter controls on their NIST SP 800-53 Control Baseline Items Enum: "CMMC_TECHNICAL" "CMMC_OPERATIONAL" "CMMC_MANAGEMENT" Example: cmmcClasses=CMMC_MANAGEMENT
domains	Array of strings Filter controls on their FFIEC Domains Items Enum: "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" Example: domains=FFIEC_CYBERSECURITY_CONTROLS
assessmentFactors	Array of strings Filter controls on their FFIEC Assessment Factors Items Enum: "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" "FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" Example: assessmentFactors=FFIEC_GOVERNANCE
userIds	Array of numbers User Ids of Control Owners Example: userIds=1
isOwned	boolean Filter controls on if they have a control owner Example: isOwned=true
isReady	boolean Filter controls on if they are ready Example: isReady=true
isAnnexA	boolean Filter controls on if they are an Annex A requirement Example: isAnnexA=true
isArchived	boolean Filter to controls that are or are not archived
isMonitored	boolean Filter to controls that are or are not monitored
hasEvidence	boolean Filter to controls with or without evidence Example: hasEvidence=true
hasPassingTest	boolean Filter to controls with at least one passing test Example: hasPassingTest=true
excludeIds	Array of numbers Exclude controls by array of id Example:
excludeRequirementId	number Exclude controls if they are mapped to this requirement id Example:
requirementId	number Only include controls if they are mapped to this requirement id Example:
excludeTestId	number Exclude controls if they are mapped to this test id Example:
testId	number Only include controls if they are mapped to this test id Example:
hasTicket	string Only include controls if they associted to a task management ticket Enum: "IN_PROGRESS" "ARCHIVED"
connectionId	number This will be filled in automatic when using a taskManagementStatus.
reviewersIds	Array of numbers User Ids of Control Reviewers Example: reviewersIds=1
taskOwnersIds	Array of numbers User Ids of TaskOwners Example: taskOwnersIds=1

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Record Not Found

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

get/public/controls

Request samples

Response samples

application/json

{"data": [ ],
"page": 1,
"limit": 10,
"total": 100
}