Skip to main content

Custom Framework

This article covers creating and managing Custom Frameworks.

Updated over a week ago

Custom Frameworks allow you to generate your own framework and associated requirements. Once created, custom frameworks support the same functionality as regular frameworks.

Create a Custom Framework

  1. In Drata, go to the Frameworks page.

  2. In the upper-right corner, select Create new custom framework.

  3. Enter your framework details:

    • Name: This name appears on the Frameworks page.

    • Short name: This short name is used for filters on the Controls page.

    • Description: This description appears at the top of the specific framework overview page.

  4. (Optional) Upload your requirements. You can also add them later.

    • Download and review the provided template.

    • Replace the template data with your own requirements.

    • Ensure that your template data follows the requirements and control mapping guidelines.

Requirements and control mapping guidelines

When uploading requirements or mapping controls, you must:

  • Use the exact column headers from the template. The spelling, spacing, and capitalization must match exactly.

  • The following special characters aren't allowed anywhere in the CSV file:

    < > \

  • Code and Name columns are required.

    • The Code must be unique—both within the file and compared to any existing requirements in Drata.

    • Rows with duplicate codes will be skipped.

  • Category (Optional) column:

    • Only one category is allowed per requirement.

  • Control Mapping (Optional) column:

    • To map controls during import, add a comma-separated list of control codes (for example, DCF-1, DCF-2, DCF-3) in the Control Mapping column.

    • All control codes you want to map must meet all of the following criteria before importing:

      • The control exists in Drata.

      • The control is enabled. (If you can't find a control, contact Drata Support.)

      • The control is in scope.

    • If a control that you would like to map does not meet all these criteria, the entire requirement row will be skipped. That requirement won't be created, and no controls in that row will be mapped.

Upload and confirm

  1. Save and upload the CSV file.

  2. Select Next.

  3. Confirm the upload.

    • Review the number of requirements that will be imported.

    • Review any skipped requirements and fix formatting issues as needed.

  4. Select Save.

Your custom framework is now ready. You can begin mapping additional controls or adding more requirements.

Add individual requirement

To add a requirement to your custom framework:

  1. Go to your custom framework.

  2. Near the upper-right corner of the table, select the gear icon ().

  3. Select Add requirement.

  4. Enter the requirement details.

  5. Select Save.

Upload multiple requirement

To bulk upload requirements to a custom framework:

  1. Go to your custom framework.

  2. Near the upper-right corner of the table, select the gear icon ().

  3. Select Upload requirements.

  4. Download and review the provided template.

  5. Replace and upload the template data with your own requirements.

    • Your template date must follow the previous Requirements and control mapping guidelines section.

  6. Select Next.

  7. Confirm the upload.

    • Review how many requirements will be imported.

    • Review any skipped requirements and address formatting issues as needed.

  8. Select Save.

Note: Re-upload will only upload requirements that do not already exist in Drata. Any updates to existing requirements should be done within Drata.

Edit a requirement

To edit a requirement in your custom framework:

  1. Go to your custom framework.

  2. Select the requirement you want to edit.

  3. Select the edit icon and update the requirement details as needed.

  4. Select Save.

Update multiple requirement categories

To change the category for multiple requirements:

  1. Go to your custom framework.

  2. Select the checkboxes next to the requirements you want to update.

  3. At the top of the table, select Change category.

    • Each requirement can have only one category.

    • This action updates all the existing category for all selected requirements.

  4. Save your changes.

Mark an individual requirement out of scope

To mark a requirement as out of scope:

  1. Go to your custom framework.

  2. Select the requirement you want to update.

  3. In the upper-right corner, select the trash bin icon (the tooltip will display Mark out of scope).

  4. Enter a business rationale.

  5. Select Submit.

Delete requirements

To delete one or more requirements from a custom framework:

  1. Go to your custom framework.

  2. Select the checkboxes next to the requirements you want to delete.

  3. At the top of the table, select Delete.

  4. Confirm the deletion.

Edit framework details

To update the details of a custom framework:

  1. Go to your custom framework.

  2. In the upper-right corner of the list, select the gear icon.

  3. Select Edit details.

  4. Update the framework details as needed.

  5. Select Save.

Delete a custom framework

To delete a custom framework:

  1. Go to your custom framework.

  2. Select the gear icon in the upper-right corner of the list.

  3. Select Edit details.

  4. In the framework details pane, select the More options icon ().

  5. Select Delete framework.

  6. Confirm the deletion.

Troubleshooting tip:
If you're unable to delete the framework, verify your existing dependencies. A framework can't be deleted if it's linked to:

  • Auditors

  • Mapped controls

  • Requirements

Utilize a Custom Framework

Explore the Frameworks section for more information

Did this answer your question?