Controls
Manage security controls with the de.iterate SDK.
Overview
The controls resource provides operations for control definition, assessment, and compliance tracking.
List Controls
typescript
// List all controls
const controls = await client.controls.list();
// Filter by status
const activeControls = await client.controls.list({
filter: { status: 'active' }
});
// Filter by category
const accessControls = await client.controls.list({
filter: { category: 'Access Management' }
});Get Control
typescript
const control = await client.controls.get('control-123');
console.log(control.name);
console.log(control.status);
console.log(control.effectivenessRating);Create Control
typescript
const control = await client.controls.create({
name: 'Multi-Factor Authentication',
description: 'Require MFA for all user accounts',
category: 'Access Management',
type: 'preventive',
owner: 'security@company.com',
});Control Types
| Type | Description |
|---|---|
preventive | Prevents incidents from occurring |
detective | Detects incidents when they occur |
corrective | Corrects incidents after detection |
compensating | Alternative control when primary fails |
Update Control
typescript
const updated = await client.controls.update('control-123', {
status: 'active',
effectivenessRating: 'effective',
lastAssessedAt: new Date(),
});Delete Control
typescript
await client.controls.delete('control-123');Control Assessment
typescript
// Assess a control
await client.controls.assess('control-123', {
result: 'effective',
evidence: ['Evidence document link'],
notes: 'Control operating as designed',
assessedBy: 'auditor@company.com',
});
// Get assessment history
const assessments = await client.controls.getAssessments('control-123');Link to Frameworks
typescript
// Link control to framework requirement
await client.controls.linkFramework('control-123', {
frameworkId: 'iso27001',
requirementId: 'A.9.4.2',
});
// Get all framework mappings
const mappings = await client.controls.getFrameworkMappings('control-123');Control Types
typescript
interface Control {
id: string;
type: 'control';
name: string;
description?: string;
category?: string;
controlType?: 'preventive' | 'detective' | 'corrective' | 'compensating';
status?: 'draft' | 'active' | 'inactive' | 'deprecated';
owner?: string;
effectivenessRating?: 'effective' | 'partially_effective' | 'ineffective';
lastAssessedAt?: Date;
linkedRisks?: string[];
createdAt: Date;
updatedAt: Date;
}Examples
Control Coverage Report
typescript
async function controlCoverageReport() {
const controls = await client.controls.list();
const byStatus = {
active: 0,
inactive: 0,
draft: 0,
};
for (const control of controls.data) {
const status = control.status || 'draft';
if (status in byStatus) {
byStatus[status as keyof typeof byStatus]++;
}
}
console.log('Control Status:');
console.log(` ✅ Active: ${byStatus.active}`);
console.log(` ⏸️ Inactive: ${byStatus.inactive}`);
console.log(` 📝 Draft: ${byStatus.draft}`);
}Find Controls Needing Assessment
typescript
async function findControlsNeedingAssessment() {
const thirtyDaysAgo = new Date();
thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
const controls = await client.controls.list({
filter: {
status: 'active',
lastAssessedAt: { lt: thirtyDaysAgo.toISOString() },
},
});
console.log('Controls needing assessment:');
for (const control of controls.data) {
console.log(` • ${control.name}`);
}
}