Drata Help Center

Frameworks

Articles for mapping your controls to available security frameworks

43 articles

Frameworks - General

Framework Requirements

Marking Requirements In and Out of Scope

Framework Readiness

Level Picker for Frameworks with Tiered Requirements

CIS v8.1 Framework Overview

2023: CCPA Updates

CMMC Framework Updates

DORA ICT Risk Management Framework (RMF)

EU DORA Framework Overview

ISO 27701:2019 Framework Updates

ISO 27001:2013 Example ISMS Plan

Security Engineering Principles

Transition Guidance for ISO 27001:2013 to ISO 27001:2022

ISO 27001 Checklist

Question to ask a Potential ISO 27001 Certification Body (i.e. Auditor)

ISO 27001:2022 Example ISMS Plan

ISO 27001 Certification Review Template

ISO 27001 Background Check FAQs

ISO 42001 Framework Overview

NIST SP 800-171 Rev. 2

NIST SP 800-171 Rev. 2 Framework Updates

NIST SP 800-53 (Rev. 5) Control & Policy Mapping Updates

System Security Planning Policy Guidance

Example Evidence for Not Monitored PCI DSS Controls (3.2.1)

Required Documentation for PCI DSS

PCI DSS v4.0.1 Updates: What You Need to Know

Example Evidence for Not Monitored Controls (PCI DSS v4.0.1 )

What to look for when reviewing your draft SOC 2 report

Questions to ask a potential SOC 2 auditor

SOC 2 Background Checks FAQs

SOC 2 Trust Services Categories Overview

SOC 2 System Description

Reviewing Your Vendors' SOC 2 Reports Using Drata

SOC 2 Checklist

SOC 2 Type 1 vs Type 2: Which Audit Type Should I Choose

SOC 2: All controls

Set SOC 2 Trust Service Criteria to Security Only

What Is a SOC 2 Bridge Letter? [+ Template]

Create New Custom Framework

Custom Framework