Documentation Index
Fetch the complete documentation index at: https://docs.matproof.com/llms.txt
Use this file to discover all available pages before exploring further.
Custom Frameworks
The Custom Frameworks editor lets you create and maintain compliance frameworks that aren’t shipped out of the box — national transpositions of EU regulations (e.g. country-specific DORA or NIS2 implementations), industry-specific standards (TISAX, CIS Controls, internal policies), or proprietary control sets your organization or auditors require. Custom frameworks behave exactly like built-in ones: they participate in cross-framework control mapping, support evidence automation, and produce audit-ready reports.When to Use Custom Frameworks
- National transposition layers — Add country-specific articles on top of an EU base framework (e.g. German BSI IT-Grundschutz on top of NIS2, Italian or French DORA national transposition)
- Industry standards — TISAX, CIS Controls, NIST SP 800-171, FedRAMP overlays, sector-specific schemes
- Internal control catalogs — Your own corporate security baseline, supplier code of conduct, ESG framework
- Auditor-requested frameworks — Custom control sets your auditor or regulator needs you to track
What You Can Build
A custom framework in Matproof has the same structure as a built-in one:| Object | Purpose |
|---|---|
| Framework | Top-level container — name, version, description, regulator/source |
| Requirements | The articles, controls, or clauses of the framework (e.g. “Article 9: Risk Management”) |
| Control Templates | Reusable controls that satisfy one or more requirements (e.g. “Quarterly access review”) |
| Policy Templates | Document templates that the framework requires (e.g. “Incident Response Policy”) |
| Task Templates | Recurring tasks that produce evidence (e.g. “Annual penetration test”, “Quarterly access review”) |
Building a Custom Framework
Define the framework metadata
Set the name, version, regulator/issuing body, jurisdiction, and a description. Choose whether the framework is mandatory or voluntary in your context.
Add requirements
Open the framework and add requirements one by one — each gets an identifier (e.g. “A.5.1”), a title, and a description. You can group requirements into chapters or domains.
Attach controls
For each requirement, attach one or more control templates. You can reuse controls already defined in built-in frameworks (so a single control can satisfy ISO 27001 A.5.15 and your custom framework’s section 3.2).
Attach policies and tasks
Optionally link policy templates and task templates to controls so the framework drives the right document and evidence creation when adopted.
Versioning
Custom frameworks are versioned. When the underlying regulation or standard changes, create a new version of the framework — Matproof tracks the diff between versions and lets you migrate adopted controls forward without losing evidence history.API Access
Every custom framework operation is also available via the REST API — useful when you maintain framework definitions in source control or want to sync them from an external system. Endpoints cover frameworks, requirements, controls, policies, and tasks.Limitations
- Custom frameworks count against your plan’s framework limit. See Plans & Pricing. Enterprise plans include unlimited custom frameworks.
- Cross-framework control mapping is automatic for controls you reuse across frameworks; Matproof does not auto-map between custom frameworks based on text similarity (you control the linkage explicitly).
Getting Started
Frameworks Overview
See built-in frameworks before deciding what to build custom
API Reference
Manage custom frameworks programmatically