ControlMap API – Client Controls, Governance, Policies & Procedures Management

Summary

This release significantly expands the ControlMap API with full lifecycle management for a client's compliance program. New endpoints let you create, read, update, delete, search, and manage relationships for Controls, Governance documents, Policies, and Procedures, plus read-and-map support for Evidence and relationship mapping for Action Items. Cross-client summary/overview endpoints are also introduced for dashboard-style reporting.

All changes are additive and backward compatible — no existing endpoints, fields, or schemas were changed or removed, and the regional server list is unchanged. Each new domain ships with its supporting request/response models (detail, summary, paginated-list, search, and patch schemas).


Changes

Controls

  • POST /controlmap/v1/clients/{client_id}/controls

    • N/A → Available
    • Type: addition
    • Notes: Create a control for a client.
  • GET /controlmap/v1/clients/{client_id}/controls/{control_id}

    • N/A → Available
    • Type: addition
    • Notes: Retrieve a single control by ID, including enriched detail.
  • PATCH /controlmap/v1/clients/{client_id}/controls/{control_id}

    • N/A → Available
    • Type: addition
    • Notes: Partially update a client control.
  • DELETE /controlmap/v1/clients/{client_id}/controls/{control_id}

    • N/A → Available
    • Type: addition
    • Notes: Delete a client control.
  • POST /controlmap/v1/clients/{client_id}/controls/search

    • N/A → Available
    • Type: addition
    • Notes: Search client controls with filtering and cursor pagination via the request body.
  • POST /controlmap/v1/clients/{client_id}/controls/{control_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map a control to policies, procedures, governance, risks, evidence, and action items.
  • POST /controlmap/v1/clients/{client_id}/controls/{control_id}/mappings/bulk-delete

    • N/A → Available
    • Type: addition
    • Notes: Remove control mappings (policies, procedures, governance, risk, evidence, action items) in a single bulk request.
  • GET /controlmap/v1/clients/{client_id}/control-families

    • N/A → Available
    • Type: addition
    • Notes: List the control families available to a client (paginated).
  • GET /controlmap/v1/clients/{client_id}/control-sets

    • N/A → Available
    • Type: addition
    • Notes: List the control sets available to a client (paginated).
  • GET /controlmap/v1/clients/{client_id}/controls-summary

    • N/A → Available
    • Type: addition
    • Notes: Control summary metrics (status counts, completion percentage) for a single client.
  • GET /controlmap/v1/clients/controls-summary

    • N/A → Available
    • Type: addition
    • Notes: Paginated control summary metrics across all partner clients, with filter[client.*] and sort support.

Governance

  • POST /controlmap/v1/clients/{client_id}/governance

    • N/A → Available
    • Type: addition
    • Notes: Create a governance document for a client.
  • GET /controlmap/v1/clients/{client_id}/governance/{governance_id}

    • N/A → Available
    • Type: addition
    • Notes: Retrieve a single client governance document.
  • PATCH /controlmap/v1/clients/{client_id}/governance/{governance_id}

    • N/A → Available
    • Type: addition
    • Notes: Partially update a client governance document.
  • DELETE /controlmap/v1/clients/{client_id}/governance/{governance_id}

    • N/A → Available
    • Type: addition
    • Notes: Delete a client governance document.
  • POST /controlmap/v1/clients/{client_id}/governance/search

    • N/A → Available
    • Type: addition
    • Notes: Search client governance documents with filtering and cursor pagination.
  • POST /controlmap/v1/clients/{client_id}/governance/{governance_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map governance to objectives, policies, and controls.
  • POST /controlmap/v1/clients/{client_id}/governance/{governance_id}/mappings/bulk-delete

    • N/A → Available
    • Type: addition
    • Notes: Remove governance mappings (objectives, policies, controls) in a single bulk request.
  • GET /controlmap/v1/clients/governance-summary

    • N/A → Available
    • Type: addition
    • Notes: Governance overview metrics across all partner clients.

Policies

  • POST /controlmap/v1/clients/{client_id}/policies

    • N/A → Available
    • Type: addition
    • Notes: Create a policy for a client.
  • GET /controlmap/v1/clients/{client_id}/policies/{policy_id}

    • N/A → Available
    • Type: addition
    • Notes: Retrieve a single client policy, including its sections.
  • PATCH /controlmap/v1/clients/{client_id}/policies/{policy_id}

    • N/A → Available
    • Type: addition
    • Notes: Partially update a client policy.
  • DELETE /controlmap/v1/clients/{client_id}/policies/{policy_id}

    • N/A → Available
    • Type: addition
    • Notes: Delete a client policy.
  • PUT /controlmap/v1/clients/{client_id}/policies/{policy_id}/sections

    • N/A → Available
    • Type: addition
    • Notes: Create or update a section within a policy.
  • POST /controlmap/v1/clients/{client_id}/policies/search

    • N/A → Available
    • Type: addition
    • Notes: Search client policies with filtering and cursor pagination.
  • POST /controlmap/v1/clients/{client_id}/policies/{policy_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map a policy to objectives and controls.
  • POST /controlmap/v1/clients/{client_id}/policies/{policy_id}/mappings/bulk-delete

    • N/A → Available
    • Type: addition
    • Notes: Remove policy mappings (objectives, controls) in a single bulk request.
  • GET /controlmap/v1/clients/policies-summary

    • N/A → Available
    • Type: addition
    • Notes: Policy overview metrics across all partner clients.

Procedures

  • POST /controlmap/v1/clients/{client_id}/procedures

    • N/A → Available
    • Type: addition
    • Notes: Create a procedure for a client.
  • GET /controlmap/v1/clients/{client_id}/procedures/{procedure_id}

    • N/A → Available
    • Type: addition
    • Notes: Retrieve a single client procedure.
  • PATCH /controlmap/v1/clients/{client_id}/procedures/{procedure_id}

    • N/A → Available
    • Type: addition
    • Notes: Partially update a client procedure.
  • DELETE /controlmap/v1/clients/{client_id}/procedures/{procedure_id}

    • N/A → Available
    • Type: addition
    • Notes: Delete a client procedure.
  • POST /controlmap/v1/clients/{client_id}/procedures/search

    • N/A → Available
    • Type: addition
    • Notes: Search client procedures with filtering and cursor pagination.
  • POST /controlmap/v1/clients/{client_id}/procedures/{procedure_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map a procedure to objectives, policies, and controls.
  • POST /controlmap/v1/clients/{client_id}/procedures/{procedure_id}/mappings/bulk-delete

    • N/A → Available
    • Type: addition
    • Notes: Remove procedure mappings (objectives, policies, controls) in a single bulk request.
  • GET /controlmap/v1/clients/procedures-summary

    • N/A → Available
    • Type: addition
    • Notes: Procedure overview metrics across all partner clients.

Evidence

  • GET /controlmap/v1/clients/{client_id}/evidences/{evidence_id}

    • N/A → Available
    • Type: addition
    • Notes: Retrieve a single evidence record by ID.
  • POST /controlmap/v1/clients/{client_id}/evidences/{evidence_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map evidence to objectives or controls.

Action Items

  • POST /controlmap/v1/clients/{client_id}/action-items/{action_item_id}/mappings

    • N/A → Available
    • Type: addition
    • Notes: Map an action item to objectives, questions, risks, controls, assets, or asset types.

Dates

  • Effective: 2026-06-04