Risks are potential events that could impact the security, reputation, and financial health of a company.
List all Risks
🔒 Requires the "Risk Management: List Risks" permission.
💎 Requires that your account has the Risk Management Pro feature. Contact your Customer Success Manager (CSM) for help upgrading.
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
You must accept the Drata terms and conditions to use the API
Internal server error
{- "data": [
- {
- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
], - "pagination": {
- "cursor": "string"
}
}
Create a new custom Risk in the Risk register.
🔒 Requires the "Risk Management: Create Risk" permission.
💎 Requires that your account has the Risk Management Pro feature. Contact your Customer Success Manager (CSM) for help upgrading.
Created
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
There is a conflict in the business rules with this request
You must accept the Drata terms and conditions to use the API
Unprocessable Entity
Internal server error
{- "title": "Password Management - Weak Password Policies",
- "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
- "identifiedAt": "2020-07-06",
- "impact": 4,
- "likelihood": 3,
- "treatmentPlan": "MITIGATE",
- "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
- "anticipatedCompletionDate": "2020-07-06",
- "completionDate": "2020-07-06",
- "residualImpact": 2,
- "residualLikelihood": 2,
- "status": "ACTIVE",
- "categories": [
- {
- "id": 1
}
], - "owners": [
- {
- "id": 1
}
], - "reviewers": [
- {
- "id": 1
}
], - "controls": [
- {
- "id": 1
}
]
}
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
Get Risk
🔒 Requires the "Risk Management: Get Risk" permission.
💎 Requires that your account has the Risk Management Pro feature. Contact your Customer Success Manager (CSM) for help upgrading.
Successful
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
Update an existing Risk.
🔒 Requires the "Risk Management: Update Risk" permission.
💎 Requires that your account has the Risk Management Pro feature. Contact your Customer Success Manager (CSM) for help upgrading.
Successful
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Unprocessable Entity
Internal server error
{- "title": "Password Management - Weak Password Policies",
- "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
- "identifiedAt": "2020-07-06",
- "impact": 4,
- "likelihood": 3,
- "treatmentPlan": "MITIGATE",
- "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
- "anticipatedCompletionDate": "2020-07-06",
- "completionDate": "2024-12-01",
- "residualImpact": 2,
- "residualLikelihood": 2,
- "status": "ACTIVE",
- "categories": [
- {
- "id": 1
}
], - "owners": [
- {
- "id": 1
}
], - "reviewers": [
- {
- "id": 1
}
], - "controls": [
- {
- "id": 1
}
]
}
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}