# Retrieve Summary Ratings for all Industry Standards source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/retrve-summ-rtngs-all-ind-stds/index.md ## Overview {#overview} The `GET Compliance` endpoint retrieves several attributes of all the custom and industry risk standards associated with a given TOE, such as: * The risk standard IDs, their names, and descriptions * A count of each assessment criterion on the grading scale from A-F for each risk standard The assessment criteria can be a security criterion or a security domain associated with the risk standard. Since the controls for a risk standard often have the same domain and criteria listed multiple times under them, the endpoint groups by unique domain or criteria for each rating grade and provides their count. You must provide the `toe_id` in the API request to retrieve all the ratings for each compliance standard for a given vendor. For example, consider the data in the following images. Here, the count of security criteria with rating 'A' will be two, one each for 'Web Server Patching' and 'IOT Devices'. Although the criterion 'Web Server Patching' appears three times (once in each control), it is counted only once to avoid increasing the count due to duplication. Similarly, the count of security criteria with rating 'B' will also be two and those with rating 'D' and 'F' will be one. ![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/id-ra-1.png) ![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/id-ra-4.png) ![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/pr-ip-1.png) Thus, you may receive a response for the 'rating_counts' array similar to the one shown here: ```json { "data": [ { "attributes": { "assess_count": 30, "description": null, "id": 1, "inform_count": 9, "is_public": true, "name": "NIST CSF 1.1", "rating_counts": [ { "count": 2, "rating": "a" }, { "count": 2, "rating": "b" }, { "count": 1, "rating": "d" }, { "count": 1, "rating": "f" }, ] } } ] } ``` ## Sequence Diagram {#sequence-diagram} The following diagram shows how to retrieve the summary ratings of all the risk standards for a TOE: Diagram retrieve-all-risk-standards ## Execution Steps {#execution-steps} The following steps describe how to retrieve the details of all the risk standards and the rating counts for each assessment criteria for a TOE: 1. The user sends a `GET` request with the `toe_id` as the input parameter to retrieve the summary of all the risk standards and the rating counts for each assessment criteria. 2. RiskRecon provides the summary of all the risk standards and the rating counts for each assessment criteria. ## Sample Request and Response {#sample-request-and-response} For a sample request and response of this API, see [Get Summary Ratings for all Industry Standards](https://developer.mastercard.com/riskrecon-api/documentation/testing/compliance-samples/retrve-summ-rtngs-all-stds-smpl/index.md). ## Use Case Example {#use-case-example} The use case [Tracking a vendor's positive indicators against a compliance standard](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/compliance/retrve-summ-rtngs-all-ind-stds/index.md#tracking-the-positive-indicators-against-a-compliance-standard-of-a-vendor) discusses how you can use the `GET Compliance` endpoint to know if the vendor has objective indications of following a given compliance standard. ### Tracking the positive indicators against a compliance standard of a vendor {#tracking-the-positive-indicators-against-a-compliance-standard-of-a-vendor} A RiskRecon customer is vetting a vendor and needs to know if the vendor has positive indications of following an industry compliance standard. The customer can use the `GET Compliance` endpoint to retrieve a list of custom and industry standards and see the vendor's mapped assessment ratings for all the industry standards. The data will help the customer to decide if they want to set up a business relationship with the vendor. ## Endpoint {#endpoint} API Reference: `GET /v1/compliance/{toe_id}`