Frameworks

Frameworks are collections of controls that are used to assess compliance with specific standards or regulations. The help docs have more information.

List Frameworks

Find Frameworks matching the provided filters.

🔒 Requires Frameworks: List Frameworks permission.

Securitybearer

Request

path Parameters

workspaceId

required

number

The Workspace ID associated to the Account

query Parameters

cursor	string This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a `pagination.cursor` value that can be used in the subsequent request to retrieve the next page of results
size	number [ 1 .. 500 ] Default: 50 Number of results to return
sort	string (SortTypeLimitedEnum) Which field to sort by Enum: "createdAt" "updatedAt"
sortDir	string (SortDirectionEnum) The direction to sort the data Enum: "ASC" "DESC"
includeTotalCount	boolean Default: false Include total count of all matching records in response. Only honored on first page (when cursor is null). Example: includeTotalCount=false
name	string Filter Frameworks by name (partial match) Example: name=SOC 2
excludeIds	Array of numbers Array of Framework IDs to exclude from results Example: excludeIds=1&excludeIds=2&excludeIds=3
isReady	boolean Filter Frameworks by ready state Example: isReady=true
isEnabled	boolean Filter Frameworks by enabled state Example: isEnabled=true

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/workspaces/{workspaceId}/frameworks

Request samples

Response samples

application/json

{"data": [{"id": 123,
"name": "SOC 2",
"description": "Report on controls at a Service Organization",
"slug": "soc-2",
"tag": "SOC_2",
"pill": "SOC 2",
"numInScopeControls": 42,
"numInScopeRequirements": 42,
"numReadyInScopeRequirements": 35,
"isReady": true,
"isEnabled": true,
"color": "#174880",
"bgColor": "#E8F4FF",
"activeLogo": "https://cdn.acme.com/frameworks/soc2-active.svg",
"inactiveLogo": "https://cdn.acme.com/frameworks/soc2-inactive.svg",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"pagination": {"cursor": "string",
"totalCount": 0
}
}

List Framework Requirements

Find Framework Requirements matching the provided filters. Use expand[]=controls to include a limited subcollection of controls for each requirement.

🔒 Requires Frameworks: List Framework Requirements permission.

Securitybearer

Request

path Parameters

workspaceId

required

number

The Workspace ID associated to the Account

query Parameters

cursor	string This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a `pagination.cursor` value that can be used in the subsequent request to retrieve the next page of results
size	number [ 1 .. 500 ] Default: 50 Number of results to return
sort	string (SortTypeLimitedEnum) Which field to sort by Enum: "createdAt" "updatedAt"
sortDir	string (SortDirectionEnum) The direction to sort the data Enum: "ASC" "DESC"
includeTotalCount	boolean Default: false Include total count of all matching records in response. Only honored on first page (when cursor is null). Example: includeTotalCount=false
expand[]	Array of strings (FrameworkRequirementsExpandEnum) List of subcollections and sub-objects to expand Items Value: "controls"
isReady	boolean Filter Requirements that are or are not ready Example: isReady=false
isInScope	boolean Filter Requirements that are or are not in scope (not archived) Example: isInScope=true
frameworkTag	Array of strings (FrameworkTagEnum) Filter data by Requirements associated with these framework tags Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "FEDRAMP" "NISTAI" "PCI4" "NISTCSF2" "NIS2" "DORA" "ISO420012023" "DRATA_ESSENTIALS" "NIST800171R3" "CIS8" "CYBER_ESSENTIALS_32" "FEDRAMP20X" "HITRUST" "MSSSPA11" "ESSENTIAL_EIGHT" "NYDFS" "TISAX" "ISO270182025" "CUSTOM"
excludeIds	Array of numbers Exclude Requirements by array of IDs Example:
frameworkSlug	string Filter data by Requirements associated with these framework slugs. This parameter is intended to be used only for custom frameworks Example: frameworkSlug=slug

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/workspaces/{workspaceId}/framework-requirements

Request samples

Response samples

application/json

{"data": [{"createdAt": "2025-07-01T16:45:55.246Z",
"description": "The entity demonstrates a commitment to integrity and ethical values.",
"frameworkName": "SOC 2",
"frameworkPill": "SOC 2",
"frameworkSlug": "SOC 2",
"frameworkTag": "SOC_2",
"id": 58,
"name": "PI1.2",
"updatedAt": "2025-07-01T16:45:55.246Z",
"additionalInfo": "The entity demonstrates a commitment to integrity.",
"additionalInfo2": "The entity demonstrates a commitment to ethical values.",
"additionalInfo3": "The entity demonstrates a commitment to enforcing policies.",
"archivedAt": "2025-07-01T16:45:55.246Z",
"externalId": "SOC 2",
"longDescription": "The entity demonstrates a commitment to integrity and ethical values.",
"rationale": "This requirement is not needed.",
"controls": {"data": [{"id": 1,
"code": "DCF-1001",
"isReady": true,
"controlNumber": 1,
"archivedAt": "2025-07-01T16:45:55.246Z"
}
],
"totalCount": 47
}
}
],
"pagination": {"cursor": "string",
"totalCount": 0
}
}