Frameworks

Frameworks are collections of controls that are used to assess compliance with specific standards or regulations. The help docs have more information.

List Frameworks

Find Frameworks matching the provided filters.

🔒 Requires Frameworks: List Frameworks permission.

Securitybearer
Request
path Parameters
workspaceId
required
number

The Workspace ID associated to the Account

query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 500 ]
Default: 50

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt" "name"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
includeTotalCount
boolean
Default: false

Include total count of all matching records in response. Only honored on first page (when cursor is null).

Example: includeTotalCount=false
name
string

Filter Frameworks by name (partial match)

Example: name=SOC 2
excludeIds
Array of numbers

Array of Framework IDs to exclude from results

Example: excludeIds=1&excludeIds=2&excludeIds=3
isReady
boolean

Filter Frameworks by ready state

Example: isReady=true
isEnabled
boolean

Filter Frameworks by enabled state

Example: isEnabled=true
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/workspaces/{workspaceId}/frameworks
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": 123,
      • "name": "SOC 2",
      • "description": "Report on controls at a Service Organization",
      • "slug": "soc-2",
      • "tag": "SOC_2",
      • "pill": "SOC 2",
      • "numInScopeControls": 42,
      • "numInScopeRequirements": 42,
      • "numReadyInScopeRequirements": 35,
      • "isReady": true,
      • "isEnabled": true,
      • "color": "#174880",
      • "bgColor": "#E8F4FF",
      • "activeLogo": "https://cdn.acme.com/frameworks/soc2-active.svg",
      • "inactiveLogo": "https://cdn.acme.com/frameworks/soc2-inactive.svg",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "pagination": {
    • "cursor": "string",
    • "totalCount": 0
    }
}
List Framework Requirements
Find Framework Requirements matching the provided filters. Use expand[]=controls to include a limited subcollection of controls for each requirement. Use expand[]=customFields to include custom field values for each requirement.


🔒 Requires Frameworks: List Framework Requirements permission.


Securitybearer 
Request 
path Parameters
workspaceId
required
number
The Workspace ID associated to the Account


 
query Parameters
cursor
string
This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results


 
size
number  [ 1 .. 500 ] 
 Default:  50
Number of results to return


 
sort
string (SortTypeLimitedEnum) 
Which field to sort by


 Enum: "createdAt" "updatedAt" "name"  
sortDir
string (SortDirectionEnum) 
The direction to sort the data


 Enum: "ASC" "DESC"  
includeTotalCount
boolean
 Default:  false
Include total count of all matching records in response. Only honored on first page (when cursor is null).


 
 Example:  includeTotalCount=false
expand[]
Array of strings (FrameworkRequirementsExpandEnum) 
List of subcollections and sub-objects to expand


Items Enum: "controls" "customFields"  
isReady
boolean
Filter Requirements that are or are not ready


 
 Example:  isReady=false
isInScope
boolean
Filter Requirements that are or are not in scope (not archived)


 
 Example:  isInScope=true
frameworkTag
Array of strings (FrameworkTagEnum) 
Filter data by Requirements associated with these framework tags


Items Enum: "NONE" "SOC_2" "ISO27001" "CCPA" "GDPR" "HIPAA" "PCI" "SCF" "NIST80053" "NISTCSF" "CMMC" "NIST800171" "MSSSPA" "FFIEC" "ISO27701" "COBIT" "SOX_ITGC" "ISO270012022" "CCM" "CYBER_ESSENTIALS" "ISO270172015" "ISO270182019" "FEDRAMP" "NISTAI" "PCI4" "NISTCSF2" "NIS2" "DORA" "ISO420012023" "DRATA_ESSENTIALS" "NIST800171R3" "CIS8" "CYBER_ESSENTIALS_32" "FEDRAMP20X" "HITRUST" "MSSSPA11" "ESSENTIAL_EIGHT" "NYDFS" "TISAX" "ISO270182025" "CCPA2026" "ISO277012025" "CPS230" "CUSTOM" "ALL"  
excludeIds
Array of numbers
Exclude Requirements by array of IDs


 
 Example:  
frameworkSlug
string
Filter data by Requirements associated with these framework slugs. This parameter is intended to be used only for custom frameworks


 
 Example:  frameworkSlug=slug
Responses 
200
Successful


400
Malformed data and/or validation errors


401
Invalid Authorization


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


get/workspaces/{workspaceId}/framework-requirements
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "description": "The entity demonstrates a commitment to integrity and ethical values.",
      • "frameworkName": "SOC 2",
      • "frameworkPill": "SOC 2",
      • "frameworkSlug": "SOC 2",
      • "frameworkTag": "SOC_2",
      • "id": 58,
      • "name": "PI1.2",
      • "updatedAt": "2025-07-01T16:45:55.246Z",
      • "additionalInfo": "The entity demonstrates a commitment to integrity.",
      • "additionalInfo2": "The entity demonstrates a commitment to ethical values.",
      • "additionalInfo3": "The entity demonstrates a commitment to enforcing policies.",
      • "archivedAt": "2025-07-01T16:45:55.246Z",
      • "externalId": "SOC 2",
      • "longDescription": "The entity demonstrates a commitment to integrity and ethical values.",
      • "rationale": "This requirement is not needed.",
      • "controls": {
        • "data": [
          • {
            • "id": 1,
            • "code": "DCF-1001",
            • "isReady": true,
            • "controlNumber": 1,
            • "archivedAt": "2025-07-01T16:45:55.246Z"
            }
          ],
        • "totalCount": 47
        },
      • "customFields": [
        • {
          • "customFieldId": 1,
          • "name": "Stakeholders",
          • "value": "Security & IT"
          }
        ]
      }
    ],
  • "pagination": {
    • "cursor": "string",
    • "totalCount": 0
    }
}
Update Framework Requirement
Update a Framework Requirement, including Custom Field values.


🔒 Requires Frameworks: Update Framework Requirement permission.


💎 Requires your account have the Custom Fields and Formulas feature. Contact your CSM for help upgrading.


Securitybearer 
Request 
path Parameters
workspaceId
required
number
The Workspace ID associated to the Account


 
frameworkRequirementId
required
number
 
Request Body schema: application/json
required
Array of objects (CustomFieldSubmitRequestPublicV2Dto) 
Custom Fields for the Requirement. 


💎 Requires your account have the Custom Fields and Formulas feature. Contact your CSM for help upgrading.


 
Responses 
200
Successful


400
Malformed data and/or validation errors


401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


put/workspaces/{workspaceId}/framework-requirements/{frameworkRequirementId}
Request samples 
application/json
{
  • "customFields": [
    • {
      • "id": 1,
      • "name": "Compliance Status",
      • "value": "Security & IT"
      }
    ]
}
Response samples 
application/json
{
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "description": "The entity demonstrates a commitment to integrity and ethical values.",
  • "frameworkName": "SOC 2",
  • "frameworkPill": "SOC 2",
  • "frameworkSlug": "SOC 2",
  • "frameworkTag": "SOC_2",
  • "id": 58,
  • "name": "PI1.2",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "additionalInfo": "The entity demonstrates a commitment to integrity.",
  • "additionalInfo2": "The entity demonstrates a commitment to ethical values.",
  • "additionalInfo3": "The entity demonstrates a commitment to enforcing policies.",
  • "archivedAt": "2025-07-01T16:45:55.246Z",
  • "externalId": "SOC 2",
  • "longDescription": "The entity demonstrates a commitment to integrity and ethical values.",
  • "rationale": "This requirement is not needed.",
  • "controls": {
    • "data": [
      • {
        • "id": 1,
        • "code": "DCF-1001",
        • "isReady": true,
        • "controlNumber": 1,
        • "archivedAt": "2025-07-01T16:45:55.246Z"
        }
      ],
    • "totalCount": 47
    },
  • "customFields": [
    • {
      • "customFieldId": 1,
      • "name": "Stakeholders",
      • "value": "Security & IT"
      }
    ]
}