Skip to main content
All CollectionsFrameworksCreate New Custom Framework
Custom Framework
Custom Framework

This article covers creating and managing Custom Frameworks.

Updated over a month ago

HERE'S WHY

Custom Frameworks allow you to generate your own framework and associated requirements. Once created, custom frameworks support the same functionality as regular frameworks.

HERE'S HOW

Creating a new Custom Framework

  • Navigate to the Drata portal and login

  • Open the ‘Frameworks’ page under ‘Compliance’

  • In the top right of your screen, click on ‘+ New Framework’

  • Enter Your Framework Details

    • Give the framework a name

    • Choose a short name (this will be used in filters and on the ‘Controls’ page)

    • Provide a description of the Framework

  • Upload Your Requirements (optional)

    • Download and review the template

    • Replace the template data with your own requirements

    • NOTE: Ensure you utilize the exact column headers provided in the template (spelling, spacing, capitalization, etc.)

    • Please take special note of the following requirements for uploading requirements and mapping those requirements to controls.

      • The following special characters (<>\) are not allowed anywhere in the CSV.

      • Code and name are required.

      • Code must be unique both within the file itself and considering any existing requirements that already exist for this framework in Drata, or the row(s) with duplicate requirement codes will be skipped.

      • All other fields are optional.

      • You can only choose one category per requirement.

      • If you want to map controls during the requirement import, you may add a comma separated list of control codes (e.g. DCF-1,DCF-2,DCF-3) in Control Mapping column.

      • All control codes you are looking to map must meet all three of the following criteria before importing your custom framework requirements:

        1. They must exist in Drata

        2. They must be enabled (please reach out to our Support team if you cannot find a control you expect to map

        3. They must be in scope

      • If a mapped control fails to meet any one of those criteria, the entire requirement row containing that control will be skipped. The requirement in that row will not be created, and no controls in that row will be mapped.

  • Save and upload the file with your requirements

    • Click ‘Next’

  • Confirm Upload

    • Review how many requirements will be imported and any requirements that were skipped due to formatting issues

    • Click ‘Save’

  • Congratulations! Your Framework is ready, and you can now start mapping (additional) controls or adding more requirements

Adding an Individual Requirement

  • Navigate to your Custom Framework

  • Click on the gear icon at the top right of the list

  • Click on ‘Add Requirement’

  • Complete the requirement details and save

Bulk Uploading Requirements

  • Navigate to your Custom Framework

  • Click on the gear icon at the top right of the list

  • Click on ‘Upload Requirements’

  • Upload Your Requirements

    • Download and review the template

    • Replace the template data with your own requirements

      • Code and name are required

      • All other field are optional

      • You can only choose one category per requirement

    • Save and upload the file with your requirements

    • Click ‘Next’

  • Confirm Upload

    • Review how many requirements will be imported and any requirements that were skipped due to formatting issues

    • Click ‘Save’

    Note: Re-upload will only upload requirements that do not already exist in Drata. Any updates to existing requirements should be done within Drata.

Editing Requirements

  • Navigate to your Custom Framework

  • Find the requirement you wish to edit and open it

  • Click on the edit icon at the top right

  • Edit the requirement details and save

Bulk Updating Requirement Category

  • Navigate to your Custom Framework

  • Select the requirements you wish to update with the checkboxes

  • Click ‘Change Category’ at the top of the table

    Note: This will replace the category on all selected requirements since you can only have one category per requirement.

  • Save your change

Marking an Individual Requirement Out of Scope

  • Navigate to your Custom Framework

  • Find the requirement you wish to edit and click to open its drawer

  • Click on the trash bin icon at the top right (when you hover it says "Mark Out of Scope")

  • Provide a business rationale and submit

Deleting Requirements

  • Navigate to your Custom Framework

  • Select the requirements you wish to delete with the checkboxes

  • Click ‘Delete’ at the top of the table

  • Confirm your deletion

Editing Framework Details

  • Navigate to your Custom Framework

  • Click on the gear icon at the top right of the list

  • Click on ‘Edit Details’

  • Edit the requirement details and save

Deleting a Custom Framework

  • Navigate to your Custom Framework

  • Click on the gear icon at the top right of the list

  • Click on ‘Edit Details’

  • Click on the kebab icon at the top of the framework details drawer then ‘Delete Framework’

  • Confirm your deletion

Utilizing a Custom Framework

Explore the Frameworks section for more information

Did this answer your question?