Assess and Manage Individual Controls

⚠️ Select your experience

How you assess and manage individual controls depends on your interface version. Select a link to skip to the instructions for your version.

Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.


Instructions for the New Experience

The Controls page displays a table of all controls in your workspace and provides a centralized place to browse and manage them.

When you select a control, you can view and manage all information related to that control, including its evidence, monitoring tests, policies, framework mappings, and associated risks.

Each control includes the following tabs, which are covered in this guide: Overview, Evidence, Monitoring, Policies, Frameworks, and Risks.

Prerequisites

  • Appropriate permissions to view and manage controls

Access Controls

From the main application, go to Compliance > Controls to view the list of all controls. Then, select a control to view its details.

Overview Tab

The Overview tab provides a high-level summary of a control’s readiness and configuration.

From this tab, you can:

  • View readiness indicators for Evidence, Monitoring, Policies, and Approvals

  • Edit control information

  • Assign control owners

  • Manage required approvals

The top-level cards provide a snapshot of your control’s readiness. Selecting a card opens more detailed information.

These cards indicate whether evidence, monitoring tests, policies, or approvals are contributing to the control’s readiness. Items that are not factored into readiness do not positively or negatively affect the readiness score.

For Monitoring, the following test states are not factored into readiness:

  • Inactive

  • Not tested or disabled

  • Non-production

  • Erroring

Examples of issues that do affect readiness include:

  • Missing evidence artifacts

  • Policies that are not published

  • Required approvals that are still pending

Info

Use the Info section to:

  • Update the control’s name and description

  • View the control code

Clear and accurate descriptions help both internal teams and auditors understand what the control covers.

Owners

Assign one or more Control Owners who are responsible for maintaining the control, collecting evidence, monitoring tests, and supporting audits.

Required Approvals

Use Required Approvals to track reviews and approvals from key stakeholders. This demonstrates strong control governance and provides auditors with clear evidence of oversight.


Evidence Tab

The Evidence tab provides an at-a-glance view of all evidence linked to the control. From this tab, you can:

  • Link or unlink evidence

  • Create new evidence or map existing evidence from the Evidence Library

  • Create miscellaneous evidence that exists only on the control and is not added to the Evidence Library

  • Download evidence for reference or record-keeping

  • Select evidence to view additional details in the Evidence Library


Monitoring Tab

The Monitoring tab displays all monitoring tests mapped to the control, along with their pass or fail history.

From this tab, you can:

  • View test results

  • Download test information

  • Select tests to view more details

  • Map additional monitoring tests to the control


Policies Tab

The Policies tab displays all policies linked to the control.

From this tab, you can:

  • Download policies

  • Link additional policies

  • Unlink policies

  • Select a policy to view more details on the policy page


Frameworks Tab

The Frameworks tab shows all framework requirements mapped to the control.

From this tab, you can:

  • View mapped framework requirements

  • Map additional requirements from supported frameworks


Risks Tab

The Risks tab displays all risks associated with the control.

From this tab, you can:

  • Map additional risks

  • Update Impact and Likelihood values

  • Unlink risks

  • Select a risk to view more information


Internal Notes, Tasks, and Tickets

From the control view, you can manage internal notes, tasks, and tickets related to the control. These tools help teams track work, document context, and coordinate remediation efforts.


Instructions for the Classic Experience

If you’re in the new control experience, which applies to customers onboarded on or after July 2, 2025, or those who opted into Early Access, refer to Controls: Manage Control Details and Mappings.

BEFORE DIVING IN

  • Admins, Information Security Leads, Workspace Managers, Control Managers, and DevOps Engineers have access to this section within Drata.

    • Workspace Managers, Control Managers, and DevOps Engineers may have limited access.

Control Info

To access control info, navigate to your Controls page and then select the control you want to view more information about. A drawer about that control will be displayed. Within the CONTROL INFO section, you can view the control name, code, owners, readiness, and description.

In the upper right corner of the drawer, you can mark your control out of scope or expand and close the drawer.

Mapped Requirements

Within the drawer, scroll down to view the MAPPED REQUIREMENTS section.

Select Add to map additional requirements.

A modal will open and present the requirements that can be mapped. Check the requirements that are applicable and save.

  • The screenshot shows multiple requirements that a framework might include.

    • These requirements represent security framework components that define necessary security functionality. They ensure various security properties are met, including the confidentiality, integrity, and availability of information being processed, stored, or transmitted.

    • They are derived from industry standards, applicable laws, and known vulnerabilities.

    • Requirements can apply in a variety of contexts, from high-level policy activities to low-level implementation tasks. They specify the functional, assurance, and strength characteristics of mechanisms, systems, or system elements.

If you select the current mapped requirements, you will see the option to either view the requirement (eye icon) or unmap (link icon) the requirement.

Automated Testing

Drata's Automated Control Testing provides continuous monitoring of your systems to assure your security posture and preparation for your audit. Select a control with Monitored enabled. On the control drawer, scroll to the AUTOMATED TESTING section to view the control tests that are linked to this control within Drata. Learn more about Drata's control tests here.

Control Evidence

Finally, within the drawer, scroll to the CONTROL EVIDENCE section to view the evidence linked to your control. Learn more about linking evidence to your controls here.
