The 'Frameworks' page allows you to navigate to the specific security framework you are working towards. Drata allows you to pursue or maintain multiple security frameworks without duplicating efforts.
BEFORE DIVING IN
Only account administrators and information security leads have access to this section within Drata.
Frameworks page overview
On the 'Frameworks' page, you will select the particular framework you'd like to review or work towards.
Drata currently supports two types of frameworks: (1) pre-mapped frameworks and (2) requirement-only frameworks.
Pre-mapped frameworks
Pre-mapped frameworks are mapped to DCF controls and include:
SOC 2
ISO 27001:2013
ISO 27001:2022
ISO 27017
ISO 27017 is an add-on to ISO 27001 and can be audited on ISO 27001.
ISO 27018
ISO 27018 is an add-on to ISO 27001 and can be audited on ISO 27001.
HIPAA
PCI DSS
GDPR
CCPA
NIST CSF
NIST 800-53
NIST AI RMF
UK Cyber Essentials
CCM
FedRAMP (in beta)
Requirement-only frameworks
Requirement-only frameworks are not pre-mapped to DCF controls; however, you can easily map them to any DCF control you already have or to custom controls. These frameworks include:
ISO 27701
Microsoft SSPA
NIST 800-171
FFIEC
CMMC
SOX ITGC
COBIT
Additional information
You can learn more about framework requirements and mapping controls to requirements here.
If you'd like to learn more about expanding your usage of Drata to include SOC 2, ISO 27001:2013, ISO 27001:2022, HIPAA, PCI DSS, GDPR, CCPA, ISO 27701, Microsoft SSPA, NIST CSF, NIST 800-171, NIST 800-53, FFIEC, CMMC, SOX ITGC or COBIT, please contact your Customer Success Manager.