# Retrieve Ratings for each Mapped Compliance Control within an Industry Standard
source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/retrve-rtngs-each-cntrl-ind-std/index.md

## Overview {#overview}

The `GET Compliance Controls` endpoint retrieves the ratings and count of issues detected for each assessment criteria for all the risk standard controls for the given TOE and risk standard.

The assessment criteria can be a security criterion or a security domain associated with the risk standard passed in the query parameter.

You must provide the `toe_id` in the API request and the `risk_standard_id` as the API query parameter to retrieve the mapped compliance ratings of a vendor for a particular risk standard.
Note: Execute the `GET Compliance` endpoint to find out the risk standard ID as required for this endpoint.   
A pictorial representation of the endpoint response can be seen in the \*\*Compliance\*\* tab of the \*\*RiskRecon web portal\*\*. Click the required industry standard to retrieve the ratings of all the assessment criteria associated with it.   

Here is an image showing the correlation between the endpoint response and the assessment details, as seen in the \*\*Compliance\*\* tab of the \*\*RiskRecon web portal\*\*.

![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/compliance-controls-for-one-std.png)

## Sequence Diagram {#sequence-diagram}

The following diagram shows how to retrieve the count of issues and ratings for each assessment criterion associated with a particular risk standard control:
Diagram retrieve-compliance-control-one-std

## Execution Steps {#execution-steps}

The following steps describe how to retrieve the count of issues and ratings for each assessment criteria associated with a particular risk standard control:

1. The user sends a `GET` request to retrieve the count of issues and ratings for each assessment criterion associated with each risk standard control and provides the `toe_id` as the input parameter and the `risk_standard_id` as the query parameter.
2. RiskRecon provides the count of issues and ratings for each assessment criterion associated with a particular risk standard control for the queried TOE and risk standard.

## Sample Request and Response {#sample-request-and-response}

For a sample request and response of this API, see [Get Ratings for each mapped Compliance Control within an Industry Standard](https://developer.mastercard.com/riskrecon-api/documentation/testing/compliance-samples/retrve-a-std-cntrl-smpl/index.md).

## Use Case Example {#use-case-example}

The use case [Tracking mapped compliance ratings of a software vendor](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/retrve-rtngs-each-cntrl-ind-std/index.md#tracking-mapped-compliance-ratings-of-a-software-vendor) discusses how you can use the `GET Compliance Controls` endpoint to know if the vendor has positive indications of following Digital Operational Resilience Act (DORA) controls.

### Tracking mapped compliance ratings of a software vendor {#tracking-mapped-compliance-ratings-of-a-software-vendor}

An institution, that is a RiskRecon customer, is vetting a software vendor. The customer wants to know if the vendor has positive indicators against mapped DORA controls. The customer can use the `GET Compliance` endpoint first to retrieve the details about all the risk standards and their mapped ratings.

With these details, the customer can decide whether to investigate further about the vendor's DORA compliance mappings. The customer can retrieve the risk standard ID of DORA from the response of the `GET Compliance` endpoint.

The customer can now use the retrieved risk standard ID as the query parameter in the `GET Compliance Controls` endpoint to retrieve the vendor's ratings and issue count for this risk standard.

## Endpoint {#endpoint}


API Reference: `GET /v1/compliance/controls/{toe_id}`