In preparation for your audit, you put controls in place to demonstrate your company's security posture. This page allows you to link evidence directly to those controls to demonstrate conformance with the framework.
BEFORE DIVING IN
Admins, Information Security Leads, Workspace Managers, Control Managers, and DevOps Engineers have access to this section within Drata.
Workspace Managers, Control Managers, and DevOps Engineers may have limited access.
Control Info
To access control info, navigate to your Controls page and then select the control you want to view more information about. A drawer about that control will be displayed. Within the CONTROL INFO section, you can view the control name, code, owners, readiness, and description.
In the upper right corner of the drawer, you can mark your control out of scope or expand and close the drawer.
Mapped Requirements
Within the drawer, scroll down to view the MAPPED REQUIREMENTS section.
Select Add to map additional requirements.
A modal will open and present the requirements that can be mapped. Check the requirements that are applicable and save.
The screenshot shows multiple requirements that a framework might include.
These requirements represent security framework components that define necessary security functionality. They ensure various security properties are met, including the confidentiality, integrity, and availability of information being processed, stored, or transmitted.
They are derived from industry standards, applicable laws, and known vulnerabilities.
Requirements can apply in a variety of contexts, from high-level policy activities to low-level implementation tasks. They specify the functional, assurance, and strength characteristics of mechanisms, systems, or system elements.
If you select a currently mapped requirement, you will see the option to either view the requirement (eye icon) or unmap it (link icon).
Automated Testing
Drata's Automated Control Testing continuously monitors your systems to provide assurance of your security posture and your readiness for your audit. Select a control with Monitored enabled. In the control drawer, scroll to the AUTOMATED TESTING section to view the control tests that are linked to this control within Drata. Learn more about Drata's control tests here.
Control Evidence
Finally, within the drawer, scroll to the CONTROL EVIDENCE section to view the evidence linked to your control. Learn more about linking evidence to your controls here.