GRC API
Verwalten Sie Compliance Controls, Nachweise, Risiken und Audits programmatisch.
Controls
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/controls | Alle Controls auflisten |
| GET | /api/v1/controls/{id} | Control-Details abrufen |
| PATCH | /api/v1/controls/{id} | Control-Status aktualisieren |
| GET | /api/v1/controls/{id}/evidence | Control-Nachweise auflisten |
Controls auflisten
bash
GET /api/v1/controlsQuery-Parameter
| Parameter | Typ | Beschreibung |
|---|---|---|
framework | string | Filter: soc2, iso27001, pci-dss, hipaa, gdpr, nist-csf, dora |
status | string | Filter: not_started, in_progress, implemented, not_applicable |
category | string | Nach Control-Kategorie filtern |
Antwort
json
{
"items": [
{
"id": "ctrl_abc123",
"control_id": "CC6.1",
"name": "Logical and Physical Access Controls",
"description": "The entity implements logical access security...",
"status": "implemented",
"implementation_notes": "Access managed via Okta SSO...",
"frameworks": ["SOC 2", "ISO 27001"],
"evidence_count": 5,
"last_assessed": "2025-12-15T00:00:00Z",
"owner": "[email protected]"
}
],
"total": 89,
"page": 1,
"per_page": 20
}Control aktualisieren
bash
PATCH /api/v1/controls/{control_id}
Content-Type: application/json
{
"status": "implemented",
"implementation_notes": "Implemented using AWS IAM policies",
"owner": "[email protected]",
"next_review_date": "2026-06-01T00:00:00Z"
}Nachweise
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/evidence | Alle Nachweise auflisten |
| POST | /api/v1/evidence | Neuen Nachweis hochladen |
| GET | /api/v1/evidence/{id} | Nachweis-Details abrufen |
| DELETE | /api/v1/evidence/{id} | Nachweis löschen |
| POST | /api/v1/evidence/{id}/link | Mit Controls verknüpfen |
Nachweise auflisten
bash
GET /api/v1/evidenceAntwort
json
{
"items": [
{
"id": "evd_abc123",
"name": "AWS IAM Policy Export",
"type": "document",
"file_type": "application/json",
"size_bytes": 45678,
"uploaded_by": "[email protected]",
"uploaded_at": "2025-12-20T14:00:00Z",
"linked_controls": ["CC6.1", "CC6.2", "A.9.1.1"],
"tags": ["access-control", "aws"],
"status": "approved"
}
],
"total": 234
}Nachweis hochladen
bash
POST /api/v1/evidence
Content-Type: multipart/form-data
file: <binary>
name: "Security Policy Document"
description: "Annual security policy review 2025"
control_ids: ["CC1.1", "A.5.1"]
tags: ["policy", "annual-review"]Antwort
json
{
"id": "evd_xyz789",
"name": "Security Policy Document",
"status": "pending_review",
"uploaded_at": "2025-12-21T15:00:00Z",
"scan_status": "clean"
}Risikoregister
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/risks | Alle Risiken auflisten |
| POST | /api/v1/risks | Neues Risiko erstellen |
| GET | /api/v1/risks/{id} | Risiko-Details abrufen |
| PATCH | /api/v1/risks/{id} | Risiko aktualisieren |
| DELETE | /api/v1/risks/{id} | Risiko löschen |
Risiken auflisten
bash
GET /api/v1/risksAntwort
json
{
"items": [
{
"id": "risk_abc123",
"title": "Third-Party Data Breach",
"description": "Risk of data exposure through vendor systems",
"category": "third_party",
"likelihood": 3,
"impact": 5,
"inherent_score": 15,
"residual_score": 6,
"status": "mitigating",
"owner": "[email protected]",
"controls": ["CC9.2", "A.15.1.1"],
"treatment": "mitigate",
"review_date": "2026-01-15T00:00:00Z"
}
],
"total": 45
}Risiko erstellen
bash
POST /api/v1/risks
Content-Type: application/json
{
"title": "Cloud Service Outage",
"description": "Risk of service disruption due to cloud provider issues",
"category": "operational",
"likelihood": 2,
"impact": 4,
"owner": "[email protected]",
"controls": ["CC7.4", "A.17.1.1"],
"treatment": "mitigate",
"mitigation_plan": "Implement multi-region deployment..."
}Frameworks
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/frameworks | Aktivierte Frameworks auflisten |
| GET | /api/v1/frameworks/{id} | Framework-Details abrufen |
| GET | /api/v1/frameworks/{id}/progress | Compliance-Fortschritt abrufen |
Framework-Fortschritt abrufen
bash
GET /api/v1/frameworks/soc2/progressAntwort
json
{
"framework": "SOC 2 Type II",
"overall_score": 78,
"by_category": {
"CC1": {"name": "Control Environment", "score": 85, "controls": 5, "implemented": 4},
"CC2": {"name": "Communication", "score": 80, "controls": 4, "implemented": 3},
"CC3": {"name": "Risk Assessment", "score": 75, "controls": 6, "implemented": 4},
"CC4": {"name": "Monitoring", "score": 70, "controls": 5, "implemented": 3},
"CC5": {"name": "Control Activities", "score": 80, "controls": 8, "implemented": 6},
"CC6": {"name": "Logical Access", "score": 90, "controls": 10, "implemented": 9},
"CC7": {"name": "System Operations", "score": 75, "controls": 6, "implemented": 4},
"CC8": {"name": "Change Management", "score": 70, "controls": 4, "implemented": 3},
"CC9": {"name": "Risk Mitigation", "score": 65, "controls": 3, "implemented": 2}
},
"gaps": [
{
"control_id": "CC4.2",
"name": "Monitoring Security Events",
"priority": "high",
"recommendation": "Implement SIEM solution"
}
]
}Lieferanten
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/vendors | Alle Lieferanten auflisten |
| POST | /api/v1/vendors | Neuen Lieferanten hinzufügen |
| GET | /api/v1/vendors/{id} | Lieferanten-Details abrufen |
| PATCH | /api/v1/vendors/{id} | Lieferanten aktualisieren |
Lieferanten auflisten
bash
GET /api/v1/vendorsAntwort
json
{
"items": [
{
"id": "vendor_abc123",
"name": "AWS",
"category": "cloud_infrastructure",
"criticality": "critical",
"risk_level": "low",
"soc2_certified": true,
"iso27001_certified": true,
"last_assessment": "2025-11-01T00:00:00Z",
"next_review": "2026-05-01T00:00:00Z",
"contracts": 3,
"data_types": ["customer_data", "system_logs"]
}
],
"total": 28
}Audit-Engagements
Endpunkte
| Method | Endpoint | Beschreibung |
|---|---|---|
| GET | /api/v1/audits | Audit-Engagements auflisten |
| POST | /api/v1/audits | Audit-Engagement erstellen |
| GET | /api/v1/audits/{id} | Audit-Details abrufen |
| GET | /api/v1/audits/{id}/requests | Audit-Anfragen auflisten |
Audits auflisten
bash
GET /api/v1/auditsAntwort
json
{
"items": [
{
"id": "audit_abc123",
"name": "SOC 2 Type II 2025",
"framework": "SOC 2",
"auditor": "Big Four LLP",
"status": "in_progress",
"start_date": "2025-11-01",
"end_date": "2025-12-31",
"requests_total": 45,
"requests_completed": 32,
"progress": 71
}
],
"total": 3
}Compliance-Berichte
Bericht generieren
bash
POST /api/v1/reports
Content-Type: application/json
{
"type": "compliance_summary",
"framework": "soc2",
"format": "pdf",
"include_evidence": true,
"date_range": {
"from": "2025-01-01",
"to": "2025-12-31"
}
}Antwort
json
{
"id": "report_xyz789",
"status": "generating",
"estimated_completion": "2025-12-21T15:05:00Z"
}Bericht abrufen
bash
GET /api/v1/reports/{report_id}Wenn fertig:
json
{
"id": "report_xyz789",
"status": "completed",
"download_url": "https://storage.cyberorigen.com/reports/...",
"expires_at": "2025-12-22T15:00:00Z"
}