Drata gives you the flexibility to create your own controls and map them to requirements and evidence. This allows you to have greater management of your compliance programs within Drata.

Only account administrators or information security lead have access to this functionality within Drata.

Click on the 'Create New Control' button at top of the Controls page.

Note: The 'Controls' page on the left navigation will only be present for tenants with access to more than one framework.

The 'Create New Control' drawer will slide open. Fill out the 'Control Info'. The following fields are required:

You can optionally enter a Control Question and Control Activities.

Next, map the control to one or more framework requirements.

Select the requirements. Please note that controls must be mapped to at least one requirement.

Finally, you can optionally add evidence for a control by linking policies and reports within Drata, or uploading external files. You can always link (or unlink) this evidence after the control is created. Learn more about linking evidence to controls here.

Select 'Save' to create your control.