Skip to main content

Map Controls to Policies with AI

Use AI suggestions to map policies to controls, reduce manual work, and keep compliance mappings accurate and up to date.

Updated this week

Drata’s AI-powered control suggestions help reduce the manual effort required to map controls to your policies. This feature is especially useful when working with custom policies or updating existing policies.

AI suggestions only run on approved or published policies. If your policy is in Draft or Needs approval status, you must publish it first.

Prerequisites

  • This feature is currently available for non-workspace customers only.

  • Roles: Admins, Guest administrators, Information security leads, Control Managers, Policy Managers

  • The policy must be in the approved or published state.

  • AI must be enabled in your Drata account.

    • Go to the Settings page, select AI Settings, and turn on the AI feature.

View AI Control Suggestions

  1. Select a policy you want to map to controls using AI.

  2. In the Overview tab, under Linked controls, the Suggestions area shows the controls that AI recommends based on the policy content.

  3. If no suggestions are displayed, select Suggest controls to run AI.

AI checks which controls are already linked. If a control is already mapped, it won’t be suggested again. You can add or ignore individual controls. Use the ellipsis menu to apply bulk actions like Add all or Ignore all.

Understand AI Control Suggestions Status

When AI runs, you may view one of the following statuses:

  • Generating suggestions: AI is analyzing the policy content to identify potential control mappings.

  • # Suggestions: AI has recommended one or more controls. You can review them and choose to link or ignore.

  • No suggestions found: This may occur for several reasons:

    • The policy is too short or too long

    • The policy format is incorrect

    • No relevant matches were found

    • The policy is in Draft or Needs approval status

    • Your account uses Workspaces

    • AI is not enabled by an Admin

Did this answer your question?