In preparation for your audit, you will put controls in place to demonstrate your company's security posture. This page allows you to link evidence directly to those controls to demonstrate conformance with the framework.
BEFORE DIVING IN
Admins, information security leads, workspace managers, control managers, and DevOps engineers have access to this section within Drata. Workspace managers, control managers, and DevOps engineers might have limited access.
Control Info
To access control info, navigate to your Controls page and select the control you would like to know more about. A drawer for that control will be displayed. Within the CONTROL INFO section, you can view the control name, code, owners, readiness, and description.
In the upper right corner of the drawer, you can mark your control out of scope or expand and close the drawer.
Mapped Requirements
Within the drawer, scroll down to view the MAPPED REQUIREMENTS section.
Select Add to map additional requirements.
A modal will open and present the requirements that can be mapped. Check the requirements that are applicable and save.
The screenshot below is an example of the requirements a framework might have. Here, a requirement is a security framework component: a statement of needed security functionality that ensures one of many different security properties is satisfied, and ensures the confidentiality, integrity, and availability of the information being processed, stored, or transmitted. It is derived from industry standards, applicable laws, and a history of past vulnerabilities. A requirement can be used in a variety of contexts, from high-level policy-related activities to low-level implementation-related activities. It specifies the functional, assurance, and strength characteristics for a mechanism, system, or system element.
If you select a currently mapped requirement, you will see the option to either view the requirement (eye icon) or unmap it (link icon).
Automated Testing
Drata's Automated Control Testing provides continuous monitoring of your systems to assure your security posture and preparation for your audit. Select a control that has Monitored enabled. In the control drawer, scroll to the AUTOMATED TESTING section to view the control tests that are linked to this control within Drata. Learn more about Drata's control tests here.
Control Evidence
Finally, within the drawer, scroll to the CONTROL EVIDENCE section to view the evidence that is linked to your control. Learn more about linking evidence to your controls here.