Drata API (V1)


REST API powering partners and friends 🏄

When importing into Postman, the folders will be organized by Postman’s default hierarchy of Paths. This will appear mismatched with Drata’s developer documentation here. In order for it to match our docs, please change the folder organization to Tags in the Import Settings. See below:

1. Open Postman
2. Click on Import in the top left-hand corner
3. Select the swagger file to import but don’t import just yet
4. Once selected, click on View Import Settings
5. Scroll down to Folder organization: it's defaulted to Paths; change this to Tags
6. Click the back arrow to go back to the import screen and click Import
7. Done!

Frameworks

Find frameworks by workspace id

List frameworks by workspace id

🔒 Requires Frameworks: List Frameworks permission.

Security: bearer
Request
path Parameters
id
required
number
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

q
string

Filter data by searching for framework names

excludeIds
Array of numbers

Exclude frameworks by array of id

Example:
getAll
boolean

Return all frameworks?

Example: getAll=false
isReady
boolean

Filter controls on whether they are ready

Example: isReady=true
isEnabled
boolean
Default: true

Filter frameworks enabled

Example: isEnabled=true
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /workspaces/{id}/frameworks
Response samples
application/json
{
  "frameworks": [
    {
      "id": "123",
      "name": "SOC2",
      "hasLevel": true,
      "levelLabel": true,
      "selectedLevel": "42",
      "privacy": true,
      "description": "Report on controls at a Service Organization",
      "longDescription": "string",
      "slug": "soc2-slug",
      "tag": "SOC2",
      "label": "SOC 2",
      "totalInScopeControls": "42",
      "numInScopeRequirements": "42",
      "numReadyInScopeRequirements": "42",
      "enabledAt": true,
      "frameworkEnabled": true,
      "controlsEnabled": true,
      "color": "#174880",
      "bgColor": "#174880",
      "activeLogo": "https://drata.com",
      "inactiveLogo": "https://drata.com",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z",
      "isReady": true,
      "productFrameworkEnabled": true,
      "customFrameworkId": "123e4567-e89b-12d3-a456-426614174000",
      "type": "CUSTOM"
    }
  ]
}

Find framework requirements by search terms and filters

List framework requirements for the primary workspace, given the provided search terms and filters

🔒 Requires Frameworks: List Framework Requirements permission.

Security: bearer
Request
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

q
string

Filter data by searching for requirement name or description/long description

Example: q=A1.1
frameworkSlug
string

Filter requirements on their framework slug

Example: frameworkSlug=soc2
excludeIds
Array of numbers

Exclude requirements by array of id

Example: excludeIds=1&excludeIds=2
excludeControlId
number

Control id to be excluded

Example: excludeControlId=1
isInScope
boolean or null

Filter requirements if they are in/out of scope

Example: isInScope=false
isReady
boolean or null

Filter requirements on whether they are ready or not

Example: isReady=false
isInScopeControls
boolean or null

Filter requirements if they are linked to controls that are in/out of scope

Example: isInScopeControls=false
topic
Array of strings or null

Filter requirements on their topic

Enum: "AVAILABILITY" "CONFIDENTIALITY" "SECURITY" "PRIVACY" "PROCESS_INTEGRITY" "GENERAL_RULES" "ADMINISTRATIVE_SAFEGUARDS" "PHYSICAL_SAFEGUARDS" "TECHNICAL_SAFEGUARDS" "REQUIREMENTS_ORGANIZATION" "REQUIREMENTS_POLICIES_PROCEDURES" "BASIC" "DERIVED" "NIST80053_PRIVACY"
Example: topic=ADMINISTRATIVE_SAFEGUARDS&topic=AVAILABILITY
category
Array of strings or null

Filter requirements on their category

Enum: "SOC_2_AVAILABILITY" "SOC_2_CONFIDENTIALITY" "SOC_2_CONTROL_ENVIRONMENT" "SOC_2_COMMUNICATION_AND_INFORMATION" "SOC_2_RISK_ASSESSMENT" "SOC_2_MONITORING_ACTIVITIES" "SOC_2_CONTROL_ACTIVITIES" "SOC_2_LOGICAL_AND_PHYSICAL_ACCESS_CONTROLS" "SOC_2_SYSTEM_OPERATIONS" "SOC_2_CHANGE_MANAGEMENT" "SOC_2_RISK_MITIGATION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_NOTICE_AND_COMMUNICATION_OF_REQUIREMENTS_RELATED_TO_PRIVACY" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_CHOICE_AND_CONSENT" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_COLLECTION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_USE_RETENTION_AND_DISPOSAL" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_ACCESS" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_DISCLOSURE_AND_NOTIFICATION" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_QUALITY" "SOC_2_PRIVACY_CRITERIA_RELATED_TO_MONITORING_AND_ENFORCEMENT" "SOC_2_PROCESS_INTEGRITY" "ISO27001_CONTEXT_OF_THE_ORGANIZATION" "ISO27001_LEADERSHIP" "ISO27001_PLANNING" "ISO27001_SUPPORT" "ISO27001_OPERATION" "ISO27001_PERFORMANCE_EVALUATION" "ISO27001_IMPROVEMENT" "ISO_INFORMATION_SECURITY_POLICIES" "ISO_ORGANIZATION_OF_INFORMATION_SECURITY" "ISO_HUMAN_RESOURCES_SECURITY" "ISO_ASSET_MANAGEMENT" "ISO_ACCESS_CONTROL" "ISO_CRYPTOGRAPHY" "ISO_PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "ISO_OPERATIONS_SECURITY" "ISO_COMMUNICATIONS_SECURITY" "ISO_SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "ISO_SUPPLIER_RELATIONSHIPS" "ISO_INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "ISO27001_INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "ISO_COMPLIANCE" "HIPAA_SECURITY" "HIPAA_BREACH_NOTIFICATION" "HIPAA_PRIVACY" "PCI_FIREWALL" "PCI_PASSWORDS" "PCI_DATA_AT_REST_PROTECTION" "PCI_DATA_IN_TRANSIT_ENCRYPTION" "PCI_MALWARE_PROTECTION" "PCI_SECURE_SYSTEM_MANAGEMENT" "PCI_ACCESS_RESTRICTION" "PCI_SYSTEM_ACCESS_CONTROL" "PCI_PHYSICAL_ACCESS_CONTROL" "PCI_NETWORK_ACCESS_MONITORING" "PCI_VULNERABILITY_TESTING" "PCI_INFORMATION_SECURITY_POLICY" "GDPR_PRINCIPLES" "GDPR_RIGHTS_OF_THE_DATA_SUBJECT" "GDPR_CONTROLLER_AND_PROCESSOR" 
"GDPR_TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_OR_INTERNATIONAL_ORGANIZATIONS" "CCPA_INDIVIDUAL_RIGHTS" "CCPA_SERVICE_PROVIDER" "CCPA_NOTICES_TO_CONSUMERS" "CCPA_BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS" "CCPA_VERIFICATION_OF_REQUESTS" "CCPA_SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE" "CCPA_NON_DISCRIMINATION" "MSSSPA_MANAGEMENT" "MSSSPA_NOTICE" "MSSSPA_CHOICE_AND_CONSENT" "MSSSPA_COLLECTION" "MSSSPA_RETENTION" "MSSSPA_DATA_SUBJECTS" "MSSSPA_DISCLOSURE_TO_THIRD_PARTIES" "MSSSPA_QUALITY" "MSSSPA_MONITORING_AND_ENFORCEMENT" "NISTCSF_IDENTIFY" "NISTCSF_PROTECT" "NISTCSF_DETECT" "NISTCSF_RESPOND" "NISTCSF_RECOVER" "NIST800171R2_TECHNICAL" "NIST800171R2_OPERATIONAL" "ISO277012019_PIMS_SPECIFIC_REQUIREMENTS" "ISO277012019_PIMS_SPECIFIC_GUIDANCE" "PII_CONTROLS_GUIDANCE" "PII_PROCESSORS_GUIDANCE" "CCPA_SECURITY" "MSSSPA_SECURITY" "NIST800171R2_MANAGEMENT" "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT" "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION" "FFIEC_CYBERSECURITY_CONTROLS" "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT" "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE" "NISTSP80053_TECHNICAL" "NISTSP80053_OPERATIONAL" "NISTSP80053_MANAGEMENT" "CMMC_TECHNICAL" "CMMC_OPERATIONAL" "CMMC_MANAGEMENT" "COBIT_EVALUATE_DIRECT_AND_MONITOR" "COBIT_ALIGN_PLAN_AND_ORGANIZE" "COBIT_BUILD_ACQUIRE_AND_IMPLEMENT" "COBIT_DELIVER_SERVICE_AND_SUPPORT" "COBIT_MONITOR_EVALUATE_AND_ASSESS" "SOX_ITGC_PROGRAM_DEVELOPMENT" "SOX_ITGC_CHANGE_MANAGEMENT" "SOX_ITGC_SYSTEM_OPERATIONS" "SOX_ITGC_ACCESS_MANAGEMENT" "ISO270012022_CONTEXT_OF_THE_ORGANIZATION" "ISO270012022_LEADERSHIP" "ISO270012022_PLANNING" "ISO270012022_SUPPORT" "ISO270012022_OPERATION" "ISO270012022_PERFORMANCE_EVALUATION" "ISO270012022_IMPROVEMENT" "ISO270012022_ORGANIZATIONAL_CONTROLS" "ISO270012022_PEOPLE_CONTROLS" "ISO270012022_PHYSICAL_CONTROLS" "ISO270012022_TECHNOLOGICAL_CONTROLS" "CCM_AUDIT_AND_ASSURANCE" "CCM_APPLICATION_AND_INTERFACE_SECURITY" "CCM_BUSINESS_CONTINUITY_MANAGEMENT_AND_OPERATIONAL_RESILIENCE" 
"CCM_CHANGE_CONTROL_AND_CONFIGURATION_MANAGEMENT" "CCM_CRYPTOGRAPHY_ENCRYPTION_AND_KEY_MANAGEMENT" "CCM_DATACENTER_SECURITY" "CCM_DATA_SECURITY_AND_PRIVACY_LIFECYCLE_MANAGEMENT" "CCM_GOVERNANCE_RISK_AND_COMPLIANCE" "CCM_HUMAN_RESOURCES" "CCM_IDENTITY_AND_ACCESS_MANAGEMENT" "CCM_INTEROPERABILITY_AND_PORTABILITY" "CCM_INFRASTRUCTURE_AND_VIRTUALIZATION_SECURITY" "CCM_LOGGING_AND_MONITORING" "CCM_SECURITY_INCIDENT_MANAGEMENT_EDISCOVERY_AND_CLOUD_FORENSICS" "CCM_SUPPLY_CHAIN_MANAGEMENT_TRANSPARENCY_AND_ACCOUNTABILITY" "CCM_THREAT_AND_VULNERABILITY_MANAGEMENT" "CCM_UNIVERSAL_ENDPOINT_MANAGEMENT" "CCPA_GENERAL_PROVISIONS" "CCPA_REQUIRED_DISCLOSURES_TO_CONSUMERS" "CCPA_SERVICE_PROVIDERS_CONTRACTORS_AND_THIRD_PARTIES" "CCPA_TRAINING_AND_RECORD_KEEPING" "CYBER_ESSENTIALS_FIREWALLS" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_COMPUTERS_AND_NETWORK_DEVICES" "CYBER_ESSENTIALS_SECURE_CONFIGURATION_DEVICE_UNLOCKING_CREDENTIALS" "CYBER_ESSENTIALS_SECURITY_UPDATE_MANAGEMENT" "CYBER_ESSENTIALS_USER_ACCESS_CONTROL" "CYBER_ESSENTIALS_MALWARE_PROTECTION" "CYBER_ESSENTIALS_DATA_BACKUP" "CYBER_ESSENTIALS_ASSET_MANAGEMENT" "CYBER_ESSENTIALS_VULNERABILITY_MANAGEMENT" "ISO270182019_PII" "FEDRAMP_TECHNICAL" "FEDRAMP_OPERATIONAL" "FEDRAMP_MANAGEMENT" "NISTAI_GOVERN" "NISTAI_MANAGE" "NISTAI_MAP" "NISTAI_MEASURE" "PCI4_NETWORK_SECURITY" "PCI4_SECURE_CONFIGURATIONS" "PCI4_DATA_STORAGE_PROTECTION" "PCI4_DATA_TRANSMISSION_PROTECTION" "PCI4_MALWARE_PROTECTION" "PCI4_SECURE_DEVELOPMENT_AND_MAINTENANCE" "PCI4_ACCESS_MANAGEMENT" "PCI4_IDENTIFICATION_AND_AUTHENTICATION" "PCI4_PHYSICAL_ACCESS_CONTROL" "PCI4_LOGGING_AND_MONITORING" "PCI4_SECURITY_TESTING" "PCI4_ORGANIZATIONAL_POLICIES_AND_PROGRAMS" "PCI4_APPENDIX_1_MULTI_TENANT_SERVICE_PROVIDERS" "PCI4_APPENDIX_2_ENTITIES_USING_SSL_EARLY_TLS" "PCI4_APPENDIX_3_DESIGNATED_ENTITIES_SUPPLEMENTAL_VALIDATION" "ISO277012019_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO277012019_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES" 
"ISO277012019_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO277012019_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE" "ISO277012019_ANNEX_A_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO277012019_ANNEX_A_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO277012019_ANNEX_A_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO277012019_ANNEX_A_PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF2_GOVERN_GV" "NISTCSF2_IDENTIFY_ID" "NISTCSF2_PROTECT_PR" "NISTCSF2_DETECT_DE" "NISTCSF2_RESPOND_RS" "NISTCSF2_RECOVER_RC" "NIS2_GOVERNANCE" "NIS2_RISK_MANAGEMENT" "NIS2_REPORTING" "DORA_REGULATION" "DORA_ICT_RMF_RTS" "ISO420012023_RESOURCES_FOR_AI_SYSTEMS" "ISO420012023_INTERNAL_ORGANIZATION" "ISO420012023_AI_SYSTEM_LIFE_CYCLE" "ISO420012023_ASSESSING_IMPACTS_OF_AI_SYSTEMS" "ISO420012023_DATA_FOR_AI_SYSTEMS" "ISO420012023_INFORMATION_FOR_INTERESTED_PARTIES_OF_AI_SYSTEMS" "ISO420012023_USE_OF_AI_SYSTEMS" "ISO420012023_THIRD_PARTY_AND_CUSTOMER_RELATIONSHIPS" "ISO420012023_POLICIES_RELATED_TO_AI" "ISO420012023_SUPPORT" "ISO420012023_OPERATION" "ISO420012023_CONTEXT_OF_THE_ORGANIZATION" "ISO420012023_PERFORMANCE_EVALUATION" "ISO420012023_PLANNING" "ISO420012023_LEADERSHIP" "ISO420012023_IMPROVEMENT" "DRATA_ESSENTIALS_PROTECT" "DRATA_ESSENTIALS_RECOVER" "DRATA_ESSENTIALS_RESPOND" "DRATA_ESSENTIALS_IDENTIFY" "DRATA_ESSENTIALS_DETECT" "DRATA_ESSENTIALS_GOVERN" "NIST800171R3_OPERATIONAL" "NIST800171R3_MANAGEMENT" "NIST800171R3_TECHNICAL" "CIS81_SERVICE_PROVIDER_MANAGEMENT" "CIS81_DATA_PROTECTION" "CIS81_DATA_RECOVERY" "CIS81_CONTINUOUS_VULNERABILITY_MANAGEMENT" "CIS81_APPLICATION_SOFTWARE_SECURITY" "CIS81_ACCESS_CONTROL_MANAGEMENT" "CIS81_INVENTORY_AND_CONTROL_OF_SOFTWARE_ASSETS" "CIS81_NETWORK_INFRASTRUCTURE_MANAGEMENT" "CIS81_EMAIL_AND_WEB_BROWSER_PROTECTIONS" "CIS81_NETWORK_MONITORING_AND_DEFENSE" "CIS81_AUDIT_LOG_MANAGEMENT" "CIS81_SECURE_CONFIGURATION_OF_ENTERPRISE_ASSETS_AND_SOFTWARE" "CIS81_INVENTORY_AND_CONTROL_OF_ENTERPRISE_ASSETS" "CIS81_MALWARE_DEFENSES" 
"CIS81_SECURITY_AWARENESS_AND_SKILLS_TRAINING" "CIS81_PENETRATION_TESTING" "CIS81_ACCOUNT_MANAGEMENT" "CIS81_INCIDENT_RESPONSE_MANAGEMENT" "CYBERESSENTIALS32_MALWARE_PROTECTION" "CYBERESSENTIALS32_DEVICE_UNLOCKING_METHOD" "CYBERESSENTIALS32_FIREWALLS" "CYBERESSENTIALS32_PASSWORD_BASED_AUTHENTICATION" "CYBERESSENTIALS32_SECURITY_UPDATE_MANAGEMENT" "CYBERESSENTIALS32_SCOPE" "CYBERESSENTIALS32_ADMINISTRATIVE_ACCOUNTS" "CYBERESSENTIALS32_SECURE_CONFIGURATION" "CYBERESSENTIALS32_USER_ACCESS_CONTROL" "FR20X_POLICY_AND_INVENTORY" "FR20X_SERVICE_CONFIGURATION" "FR20X_MONITORING_LOGGING_AND_AUDITING" "FR20X_CHANGE_MANAGEMENT" "FR20X_CLOUD_NATIVE_ARCHITECTURE" "FR20X_THIRD_PARTY_INFORMATION_RESOURCES" "FR20X_IDENTITY_AND_ACCESS_MANAGEMENT" "FR20X_INCIDENT_REPORTING" "FR20X_CYBERSECURITY_EDUCATION" "FR20X_RECOVERY_PLANNING" "HITRUST_EDUCATION_TRAINING_AND_AWARENESS" "HITRUST_DATA_PROTECTION_AND_PRIVACY" "HITRUST_PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "HITRUST_AUDIT_LOGGING_AND_MONITORING" "HITRUST_INFORMATION_PROTECTION_PROGRAM" "HITRUST_TRANSMISSION_PROTECTION" "HITRUST_THIRD_PARTY_ASSURANCE" "HITRUST_RISK_MANAGEMENT" "HITRUST_ACCESS_CONTROL" "HITRUST_PASSWORD_MANAGEMENT" "HITRUST_VULNERABILITY_MANAGEMENT" "HITRUST_BUSINESS_CONTINUITY_AND_DISASTER_RECOVERY" "HITRUST_MOBILE_DEVICE_SECURITY" "HITRUST_INCIDENT_MANAGEMENT" "HITRUST_ENDPOINT_PROTECTION" "HITRUST_CONFIGURATION_MANAGEMENT" "HITRUST_NETWORK_PROTECTION" "HITRUST_PORTABLE_MEDIA_SECURITY" "HITRUST_WIRELESS_SECURITY" "CUSTOM"
Example: category=GDPR_CONTROLLER_AND_PROCESSOR&category=SOC_2_CONTROL_ACTIVITIES
subCategory
Array of strings or null

Filter requirements on their subcategory

Enum: "ISO_MANAGEMENT_DIRECTION_FOR_INFORMATION_SECURITY" "ISO_INTERNAL_ORGANIZATION" "ISO27001_MOBILE_DEVICES_AND_TELEWORKING" "ISO27001_PRIOR_TO_EMPLOYMENT" "ISO_DURING_EMPLOYMENT" "ISO27001_TERMINATION_AND_CHANGE_OF_EMPLOYMENT" "ISO_RESPONSIBILITY_FOR_ASSETS" "ISO_INFORMATION_CLASSIFICATION" "ISO27001_MEDIA_HANDLING" "ISO_BUSINESS_REQUIREMENT_OF_ACCESS_CONTROL" "ISO_USER_ACCESS_MANAGEMENT" "ISO27001_USER_RESPONSIBILITIES" "ISO_SYSTEM_AND_APPLICATION_ACCESS_CONTROL" "ISO_CRYPTOGRAPHIC_CONTROLS" "ISO27001_SECURE_AREAS" "ISO_EQUIPMENT" "ISO_OPERATIONAL_PROCEDURES_AND_RESPONSIBILITIES" "ISO27001_PROTECTION_FROM_MALWARE" "ISO_BACKUP" "ISO_LOGGING_AND_MONITORING" "ISO27001_CONTROL_OF_OPERATIONAL_SOFTWARE" "ISO_TECHNICAL_VULNERABILITY_MANAGEMENT" "ISO27001_INFORMATION_SYSTEMS_AUDIT_CONSIDERATIONS" "ISO_NETWORK_SECURITY_MANAGEMENT" "ISO_INFORMATION_TRANSFER" "ISO_SECURITY_REQUIREMENTS_OF_INFORMATION_SYSTEMS" "ISO_SECURITY_IN_DEVELOPMENT_AND_SUPPORT_PROCESSES" "ISO27001_TEST_DATA" "ISO_INFORMATION_SECURITY_IN_SUPPLIER_RELATIONSHIPS" "ISO27001_SUPPLIER_SERVICE_DELIVERY_MANAGEMENT" "ISO_MANAGING_OF_INFORMATION_SECURITY_INCIDENTS_AND_IMPROVEMENTS" "ISO27001_INFORMATION_SECURITY_CONTINUITY" "ISO27001_REDUNDANCIES" "ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS" "ISO_INFORMATION_SECURITY_REVIEWS" "GDPR_TRANSPARENCY_AND_MODALITIES" "GDPR_INFORMATION_AND_ACCESS_TO_PERSONAL_DATA" "GDPR_RECTIFICATION_AND_ERASURE" "GDPR_RIGHT_TO_OBJECT_AND_AUTOMATED_INDIVIDUAL_DECISION_MAKING" "GDPR_GENERAL_OBLIGATIONS" "GDPR_SECURITY_OF_PERSONNEL_DATA" "GDPR_DATA_PROTECTION_IMPACT_ASSESSMENT_AND_PRIOR_CONSULTATION" "GDPR_DATA_PROTECTION_OFFICER" "CODES_OF_CONDUCT_AND_CERTIFICATION" "CCPA_RIGHT_TO_KNOW" "CCPA_RIGHT_TO_DELETE" "CCPA_RIGHT_TO_OPT_OUT" "CCPA_RIGHT_TO_NON_DISCRIMINATION" "ASSET_MANAGEMENT" "NISTCSF_BUSINESS_ENVIRONMENT" "GOVERNANCE" "SOX_ITGC_RISK_ASSESSMENT" "NISTCSF_RISK_MANAGEMENT_STRATEGY" "NISTCSF_SUPPLY_CHAIN_RISK_MANAGEMENT" 
"NISTCSF_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL" "AWARENESS_AND_TRAINING" "NISTCSF_DATA_SECURITY" "NISTCSF_INFORMATION_PROTECTION_PROCESSES_AND_PROCEDURES" "MAINTENANCE" "NISTCSF_PROTECTIVE_TECHNOLOGY" "NISTCSF_ANOMALIES_AND_EVENTS" "NISTCSF_SECURITY_CONTINUOUS_MONITORING" "NISTCSF_DETECTION_PROCESSES" "NISTCSF_RESPONSE_PLANNING" "NISTCSF_COMMUNICATIONS" "NISTCSF_ANALYSIS" "NISTCSF_MITIGATION" "NISTCSF_IMPROVEMENTS" "NISTCSF_RECOVERY_PLANNING" "ACCESS_CONTROL" "NIST800171R2_AUDIT_AND_ACCOUNTABILITY" "NIST800171R2_CONFIGURATION_MANAGEMENT" "NIST800171R2_IDENTIFICATION_AND_AUTHENTICATION" "NIST800171R2_INCIDENT_RESPONSE" "NIST800171R2_MEDIA_PROTECTION" "NIST800171R2_PERSONNEL_SECURITY" "NIST800171R2_PHYSICAL_PROTECTION" "NIST800171R2_SECURITY_ASSESSMENT" "NIST800171R2_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST800171R2_SYSTEM_AND_INFORMATION_INTEGRITY" "CONTEXT_OF_THE_ORGANIZATION" "LEADERSHIP" "PLANNING" "SUPPORT" "OPERATION" "PERFORMANCE_EVALUATION" "IMPROVEMENT" "INFORMATION_SECURITY_POLICIES" "ORGANIZATION_OF_INFORMATION_SECURITY" "HUMAN_RESOURCE_SECURITY" "CRYPTOGRAHY" "PHYSICAL_AND_ENVIRONMENTAL_SECURITY" "OPERATIONS_SECURITY" "COMMUNICATIONS_SECURITY" "SYSTEM_ACQUISITION_DEVELOPMENT_AND_MAINTENANCE" "SUPPLIER_RELATIONSHIPS" "INFORMATION_SECURITY_INCIDENT_MANAGEMENT" "INFORMATION_SECURITY_ASPECTS_OF_BUSINESS_CONTINUITY_MANAGEMENT" "COMPLIANCE" "CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "OBLIGATIONS_TO_PII_PRINCIPLES" "PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF_ASSET_MANAGEMENT" "NISTCSF_RISK_ASSESSMENT" "NISTCSF_AWARENESS_AND_TRAINING" "NISTCSF_MAINTENANCE" "NIST800171R2_ACCESS_CONTROL" "NIST800171R2_AWARENESS_AND_TRAINING" "NIST800171R2_MAINTENANCE" "NIST800171R2_RISK_ASSESSMENT" "FFIEC_GOVERNANCE" "FFIEC_RISK_MANAGEMENT" "FFIEC_RESOURCES" "FFIEC_TRAINING_AND_CULTURE" "FFIEC_THREAT_INTELLIGENCE" "FFIEC_MONITORING_AND_ANALYZING" "FFIEC_INFORMATION_SHARING" "FFIEC_PREVENTATIVE_CONTROLS" 
"FFIEC_DETECTIVE_CONTROLS" "FFIEC_CORRECTIVE_CONTROLS" "FFIEC_CONNECTIONS" "FFIEC_RELATIONSHIP_MANAGEMENT" "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY" "FFIEC_DETECTION_RESPONSE_AND_MITIGATION" "FFIEC_ESCALATION_AND_REPORTING" "NISTSP80053_ACCESS_CONTROL" "NISTSP80053_AUDIT_AND_ACCOUNTABILITY" "NISTSP80053_IDENTIFICATION_AND_AUTHENTICATION" "NISTSP80053_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NISTSP80053_AWARENESS_AND_TRAINING" "NISTSP80053_CONFIGURATION_MANAGEMENT" "NISTSP80053_CONTINGENCY_PLANNING" "NISTSP80053_INCIDENT_RESPONSE" "NISTSP80053_MAINTENANCE" "NISTSP80053_MEDIA_PROTECTION" "NISTSP80053_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" "NISTSP80053_PERSONNEL_SECURITY" "NISTSP80053_SYSTEM_AND_INFORMATION_INTEGRITY" "NISTSP80053_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "NISTSP80053_PLANNING" "NISTSP80053_PROGRAM_MANAGEMENT" "NISTSP80053_PII_PROCESSING_AND_TRANSPARENCY" "NISTSP80053_RISK_ASSESSMENT" "NISTSP80053_SYSTEM_AND_SERVICES_ACQUISITION" "NISTSP80053_SUPPLY_CHAIN_RISK_MANAGEMENT" "CMMC_ACCESS_CONTROL" "CMMC_AUDIT_AND_ACCOUNTABILITY" "CMMC_IDENTIFICATION_AND_AUTHENTICATION" "CMMC_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "CMMC_AWARENESS_AND_TRAINING" "CMMC_CONFIGURATION_MANAGEMENT" "CMMC_INCIDENT_RESPONSE" "CMMC_MAINTENANCE" "CMMC_MEDIA_PROTECTION" "CMMC_PHYSICAL_PROTECTION" "CMMC_PERSONNEL_SECURITY" "CMMC_RECOVERY" "CMMC_SYSTEM_AND_INFORMATION_INTEGRITY" "CMMC_SECURITY_ASSESSMENT" "CMMC_RISK_MANAGEMENT" "ISO270172015_RELATIONSHIP_BETWEEN_CLOUD_SERVICE_CUSTOMER_AND_CLOUD_SERVICE_PROVIDER" "ISO270172015_ACCESS_CONTROL_OF_CLOUD_SERVICE_CUSTOMER_DATA_IN_SHARED_VIRTUAL_ENVIRONMENT" "FEDRAMP_ACCESS_CONTROL" "FEDRAMP_AWARENESS_AND_TRAINING" "FEDRAMP_AUDIT_AND_ACCOUNTABILITY" "FEDRAMP_SECURITY_ASSESSMENT_AND_AUTHORIZATION" "FEDRAMP_CONFIGURATION_MANAGEMENT" "FEDRAMP_CONTINGENCY_PLANNING" "FEDRAMP_IDENTIFICATION_AND_AUTHENTICATION" "FEDRAMP_INCIDENT_RESPONSE" "FEDRAMP_MAINTENANCE" "FEDRAMP_MEDIA_PROTECTION" "FEDRAMP_PHYSICAL_AND_ENVIRONMENTAL_PROTECTION" 
"FEDRAMP_PLANNING" "FEDRAMP_PERSONNEL_SECURITY" "FEDRAMP_RISK_ASSESSMENT" "FEDRAMP_SYSTEM_AND_SERVICES_ACQUISITION" "FEDRAMP_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "FEDRAMP_SYSTEM_AND_INFORMATION_INTEGRITY" "FEDRAMP_SUPPLY_CHAIN_RISK_MANAGEMENT" "FEDRAMP_ASSESSMENT_AUTHORIZATION_AND_MONITORING" "ISO270182019_CONSENT_AND_CHOICE" "ISO270182019_PURPOSE_LEGITIMACY_AND_SPECIFICATION" "ISO270182019_DATA_MINIMIZATION" "ISO270182019_USE_RETENTION_AND_DISCLOSURE_LIMITATION" "ISO270182019_ACCURACY_AND_QUALITY" "ISO270182019_ACCOUNTABILITY" "ISO270182019_INFORMATION_SECURITY" "ISO270182019_PRIVACY_COMPLIANCE" "ISO27701_ANNEX_B_CONDITIONS_FOR_COLLECTION_AND_PROCESSING" "ISO27701_ANNEX_B_OBLIGATIONS_TO_PII_PRINCIPLES" "ISO27701_ANNEX_B_PRIVACY_BY_DESIGN_AND_PRIVACY_BY_DEFAULT" "ISO27701_ANNEX_B_PII_SHARING_TRANSFER_AND_DISCLOSURE" "NISTCSF2_ORGANIZATIONAL_CONTEXT_GV_OC" "NISTCSF2_RISK_MANAGEMENT_STRATEGY_GV_RM" "NISTCSF2_ROLES_RESPONSIBILITIES_AND_AUTHORITIES_GV_RR" "NISTCSF2_POLICY_GV_PO" "NISTCSF2_OVERSIGHT_GV_OV" "NISTCSF2_CYBERSECURITY_SUPPLY_CHAIN_RISK_MANAGEMENT_GV_SC" "NISTCSF2_ASSET_MANAGEMENT_ID_AM" "NISTCSF2_RISK_ASSESSMENT_ID_RA" "NISTCSF2_IMPROVEMENT_ID_IM" "NISTCSF2_IDENTITY_MANAGEMENT_AUTHENTICATION_AND_ACCESS_CONTROL_PR_AA" "NISTCSF2_AWARENESS_AND_TRAINING_PR_AT" "NISTCSF2_DATA_SECURITY_PR_DS" "NISTCSF2_PLATFORM_SECURITY_PR_PS" "NISTCSF2_TECHNOLOGY_INFRASTRUCTURE_RESILIENCE_PR_IR" "NISTCSF2_CONTINUOUS_MONITORING_DE_CM" "NISTCSF2_ADVERSE_EVENT_ANALYSIS_DE_AE" "NISTCSF2_INCIDENT_MANAGEMENT_RS_MA" "NISTCSF2_INCIDENT_ANALYSIS_RS_AN" "NISTCSF2_INCIDENT_RESPONSE_REPORTING_AND_COMMUNICATION_RS_CO" "NISTCSF2_INCIDENT_MITIGATION_RS_MI" "NISTCSF2_INCIDENT_RECOVERY_PLAN_EXECUTION_RC_RP" "NISTCSF2_INCIDENT_RECOVERY_COMMUNICATION_RC_CO" "DORA_ICT_RISK_MANAGEMENT" "DORA_INFORMATION_SHARING_ARRANGEMENTS" "DORA_ICT_THIRD_PARTY_RISK_MANAGEMENT" "DORA_ICT_RELATED_INCIDENT_MANAGEMENT" "DORA_DIGITAL_OPERATIONAL_RESILIENCE_TESTING" "DORA_SIMPLIFIED_ICT_RISK_MANAGEMENT_FRAMEWORK" 
"DORA_HUMAN_RESOURCES_POLICY_AND_ACCESS_CONTROL" "DORA_ICT_SECURITY_POLICIES_AND_PROCEDURES" "DORA_ICT_RELATED_INCIDENT_DETECTION_AND_RESPONSE" "DORA_ICT_BUSINESS_CONTINUITY_MANAGEMENT" "DORA_ICT_RISK_MANAGEMENT_FRAMEWORK_REVIEW_REPORT" "NIST800171R3_INCIDENT_RESPONSE" "NIST800171R3_SUPPLY_CHAIN_RISK_MANAGEMENT" "NIST800171R3_MEDIA_PROTECTION" "NIST800171R3_AUDIT_AND_ACCOUNTABILITY" "NIST800171R3_ACCESS_CONTROL" "NIST800171R3_PHYSICAL_PROTECTION" "NIST800171R3_CONFIGURATION_MANAGEMENT" "NIST800171R3_SYSTEM_AND_COMMUNICATIONS_PROTECTION" "NIST800171R3_IDENTIFICATION_AND_AUTHENTICATION" "NIST800171R3_PLANNING" "NIST800171R3_MAINTENANCE" "NIST800171R3_RISK_ASSESSMENT" "NIST800171R3_SYSTEM_AND_INFORMATION_INTEGRITY" "NIST800171R3_SECURITY_ASSESSMENT_AND_MONITORING" "NIST800171R3_SYSTEM_AND_SERVICES_ACQUISITION" "NIST800171R3_AWARENESS_AND_TRAINING" "NIST800171R3_PERSONNEL_SECURITY"
Example: subCategory=CODES_OF_CONDUCT_AND_CERTIFICATION&subCategory=ISO_COMPLIANCE_WITH_LEGAL_AND_CONTRACTUAL_REQUIREMENTS
level
string or null

The id of the level

Enum: "SECURITY_LOW" "SECURITY_MODERATE" "SECURITY_HIGH" "LEVEL_1" "LEVEL_2" "BASELINE" "EVOLVING" "INTERMEDIATE" "ADVANCED" "INNOVATIVE" "SIMPLIFIED" "STANDARD" "IG1" "IG2" "IG3" "I1" "R2" "E1"
Example: level=SECURITY_HIGH
customCategory
string or null

Filter requirements on their custom category

Example: customCategory=Custom Category 1
frameworkId
number

The framework ID

Example: frameworkId=1
workspaceId
number

ID of the Workspace. If this is not sent, it will default to the global workspace.

Example: workspaceId=1
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /frameworks/requirements
Response samples
application/json
{
  "data": [
    {
      "id": "1213123",
      "name": "CC1.1",
      "description": "The entity demonstrates a commitment to integrity and ethical values.",
      "longDescription": "The entity demonstrates a commitment to integrity and ethical values.",
      "additionalInfo": "The entity demonstrates a commitment to integrity and ethical values.",
      "additionalInfo2": "The entity demonstrates a commitment to integrity and ethical values 2.",
      "additionalInfo3": "The entity demonstrates a commitment to integrity and ethical values 3.",
      "isReady": "true",
      "rationale": "This requirement is not needed.",
      "archivedAt": "2020-07-06",
      "frameworkName": "SOC 2",
      "controls": "ControlReadyType[]",
      "totalInScopeControls": 6,
      "frameworkId": 1
    }
  ],
  "page": 1,
  "limit": 10,
  "total": 100
}
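
The following client sketch for GET /frameworks/requirements is an added example, not code from Drata: it validates `page` and `limit` against the documented ranges, encodes array filters as repeated keys, sends the bearer token only in the `Authorization` header, fails closed on every documented error status, and pages until `total` is reached. `BASE_URL` is a placeholder (the base URL is not given on this page), and the function names and the fake transport are hypothetical.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://drata-api.example.invalid"  # placeholder: base URL is not on this page

# Status meanings copied from the Responses list above.
ERRORS = {
    400: "Malformed data and/or validation errors", 401: "Invalid Authorization",
    402: "You must upgrade your plan to use this feature",
    403: "You are not allowed to perform this action", 404: "Not Found",
    412: "You must accept the Drata terms and conditions to use the API",
    500: "Internal server error",
}


class ApiError(Exception):
    """Raised on any non-200 reply; args = (status, documented meaning)."""


def build_query(page=1, limit=20, **filters):
    """Encode filters as the Example lines show: repeated keys, lowercase booleans."""
    if page < 1:
        raise ValueError("page must be >= 1")
    if not 1 <= limit <= 50:
        raise ValueError("limit must be in 1..50")
    pairs = [("page", page), ("limit", limit)]
    for key, value in filters.items():
        if value is None:
            continue  # unset filter: leave it out of the query
        for item in value if isinstance(value, (list, tuple)) else [value]:
            if isinstance(item, bool):
                item = "true" if item else "false"
            pairs.append((key, item))
    return urlencode(pairs)


def http_fetch(url, token):
    """Real transport: the token travels only in the Authorization header."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers),
                                    timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, {}


def iter_requirements(token, fetch=http_fetch, limit=50, **filters):
    """Yield every requirement, following page/limit/total from each reply."""
    page, seen = 1, 0
    while True:
        query = build_query(page, limit, **filters)
        status, body = fetch(f"{BASE_URL}/frameworks/requirements?{query}", token)
        if status != 200:
            raise ApiError(status, ERRORS.get(status, "unexpected status"))
        rows = body.get("data", [])
        yield from rows
        seen += len(rows)
        if not rows or seen >= body.get("total", 0):
            return
        page += 1


def make_fake_fetch(rows):
    """Constructed offline transport that serves `rows` like the documented envelope."""
    def fetch(url, token):
        q = parse_qs(urlsplit(url).query)
        page, limit = int(q["page"][0]), int(q["limit"][0])
        chunk = rows[(page - 1) * limit:page * limit]
        return 200, {"data": chunk, "page": page, "limit": limit, "total": len(rows)}
    return fetch
```

Pass `fetch=make_fake_fetch(rows)` to exercise the paging offline; the default `http_fetch` is used only once `BASE_URL` is replaced with the real host.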