Skip to main content
Framework Requirements

View and manage a framework's requirements.

Updated over 11 months ago

HERE'S WHY

In order to achieve and maintain compliance for each enabled framework, you need full visibility into the framework's requirements.

BEFORE DIVING IN

Administrators, information security leads, and workspace managers have access to this section within Drata.

HERE'S HOW

Each framework page provides high-level and detailed information about that framework, including overall framework readiness, a comprehensive list of requirements (and mapped controls as applicable), and detailed description of each requirement.

A summary dashboard at the top of the page highlights the framework description:

  • The overall readiness percentage

  • The total number of not ready in scope requirements

  • Total amount of ready in scope requirements

  • Total number of in scope controls mapped to requirements

The complete list of requirements provides a comprehensive view of that framework. Requirements and mapped controls are marked as 'Ready' (green checkmark) or 'Not Ready' (red 'X'). You can filter requirements by the specific framework categories (like SOC 2 TSC, HIPAA Rules) and by readiness status—'Ready' or 'Not Ready'—to gauge which requirements need your attention.

Each requirement is listed with all in-scope mapped controls. If no controls are mapped, zero (0) In-scope Controls is displayed. If a requirement isn't mapped to any controls, then it will be 'Not Ready'.

The ‘In-scope Controls’ calculation includes the total amount of controls that are mapped to any requirement that has been marked in-scope. For example, if DCF-117 is mapped to 3 requirements within a framework, and only one of the requirements is marked in-scope, that control will be considered ‘in-scope’. Inversely, if all requirements are marked out-of-scope, the control will be marked ‘out-of scope’ and the count will go down.

You can search for requirements, mark them in and our of scope, filter requirements, map controls to requirements, view details, and download CSV files for requirement and control mappings.

Select the requirement to view detailed information, map (or unmap) it to DCF or custom controls, or mark it in or out of scope. Controls that are 'Not Ready' are prioritized to the top of the list.

To view details of a mapped control, click on the eye icon and you'll be taken to the control detail drawer.

Did this answer your question?