# Get Ratings for each mapped Compliance Control within an Industry Standard
source: https://developer.mastercard.com/riskrecon-api/documentation/testing/compliance-samples/retrve-a-std-cntrl-smpl/index.md

Allows you to fetch the count of issues and ratings for each assessment criteria associated with a particular risk standard control for the queried TOE and, custom or industry standard.

## Pre-requisites {#pre-requisites}

Refer to the [Retrieve Ratings for each mapped Compliance Control within an Industry Standard](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/retrve-rtngs-each-cntrl-ind-std/index.md) use case.

## Request URL for Sandbox environment {#request-url-for-sandbox-environment}

    https://api.sandbox.riskrecon.com/v1/compliance/controls/{toe_id}?risk_standard_id={valid_risk_standard_id}

## Request URL for Production environment {#request-url-for-production-environment}

    https://api.riskrecon.com/v1/compliance/controls/{toe_id}?risk_standard_id={valid_risk_standard_id}

## Test Cases {#test-cases}

### Test Case: Success - Retrieve an industry standard {#test-case-success---retrieve-an-industry-standard}

**Request**

Here is an example of a request made using a `curl` command.

```bash
curl -X 'GET' \
  'https://api.riskrecon.com/v1/compliance/controls/09918d09-8d52-4e86-a3ec-5ef4d461e2ba?risk_standard_id=1' \
  -H 'accept: application/json' \
  -H 'Authorization: valid_JWT_token' \'
```

**Response**

get:

```json
{
  "data": {
    "attributes": {
      "id": 1,
      "risk_standard": "NIST CSF 1.1",
      "risk_standard_controls": [
        {
          "description": "Incident alert thresholds are established",
          "id": 73,
          "risk_standard_control": "DE.AE-5",
          "security_criteria": [
            {
              "issue_count": 0,
              "issue_rate": null,
              "name": "threatintel_phishing_site",
              "rated": true,
              "rating": "a",
              "rating_numeric": 10,
              "total_count": null
            },
            {
              "issue_count": 1,
              "issue_rate": null,
              "name": "threatintel_hostile_host_hacking", 
              "rated": true,
              "rating": "a",
              "rating_numeric": 9.9,
              "total_count": null
            },
            {
              "issue_count": 0,
              "issue_rate": null,
              "name": "threatintel_botnet_host",
              "rated": true,
              "rating": "a",
              "rating_numeric": 10,
              "total_count": null
            },
            ......
          ]
        }
      ]
    } 
  }
}
```

### Test Case: Fail - Expired or invalid JWT {#test-case-fail---expired-or-invalid-jwt}

**Request**

Here is an example, using a `curl` command, of a request made with an expired JWT.

```bash
curl -X 'GET' \
  'https://api.riskrecon.com/v1/compliance/09918d09-8d52-4e86-a3ec-5ef4d461e2ba' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer e2ba' \'
```

**Response**

HTTP Error Response 401

```json
{
  "Errors": {
    "Error": [
      {
        "Description": "Unauthorized request",
        "Details": "Invalid JWT",
        "ReasonCode": "UNAUTHORIZED",
        "Recoverable": false,
        "Source": "RISKRECON_API"
      }
    ]
  }
}
```