Control Details

The 'Control Details' drawer holds context and evidence for the control.

Written by Ashley Hyman
Updated over a week ago

In preparation for your audit, you will put controls in place to demonstrate your company's security posture. This page allows you to link evidence directly to those controls to demonstrate accordance with the framework.

BEFORE DIVING IN

Only account administrators or information security leads have access to this section within Drata.

Control Info

Within the 'Control Details' drawer, you will see the 'Control Name', 'Control Code', 'Control Description', 'Control Question', and 'Control Activities'.

In the upper right corner of the drawer you will see the option to expand the drawer as well as an icon to mark the control out of scope for your audit.

Mapped Requirements

You will also see the 'Mapped Requirements'. A requirement is a component of a security framework: a statement of needed security functionality that ensures one of many different security properties is satisfied, and that ensures the confidentiality, integrity, and availability of the information being processed, stored, or transmitted. It is derived from industry standards, applicable laws, and a history of past vulnerabilities. A requirement can be used in a variety of contexts, from high-level policy-related activities to low-level implementation-related activities. It specifies the functional, assurance, and strength characteristics for a mechanism, system, or system element.

If you click into the current mapped requirements you will see the option to either view the requirement (eye icon) or unmap (link icon) the requirement.

Directly from the drawer you can map additional requirements by selecting 'Add' next to the currently mapped requirements. A modal will open and present the requirements that can be mapped. Use the tick box next to the requirement to select one to map and click 'Save'.

Automated Testing

Drata's Automated Control Testing provides continuous monitoring of your systems to assure your security posture and preparation for your audit. Under 'Automated Testing' you will find the control tests within Drata linked to the specific control you are viewing. Learn more about Drata's control tests here.

Control Evidence

Finally, within the drawer you will find the 'Control Evidence' that is linked directly to the control. Learn more about linking evidence to your controls here.

Mapping Controls to Multiple Frameworks

In the 'Control Details' drawer, you also have the ability to map controls across multiple frameworks. Select 'Add' next to the framework you'd like to map to; a modal will open, and you can select the requirements you'd like to add from that framework.
