> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useanima.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Get orgs compliancecontrols



## OpenAPI

````yaml /openapi.json get /orgs/{orgId}/compliance/controls
openapi: 3.1.1
info:
  title: Anima API
  version: 0.1.0
  description: >-
    The Anima API provides programmatic access to unified infrastructure for AI
    agents: create and manage agents; send and receive email; place phone calls
    and send/receive SMS and voice; store and retrieve vault credentials; manage
    agent identity; and configure webhooks for real-time events. Authenticate
    using a Bearer token or an API key passed via the X-API-Key header.
  contact:
    name: Anima Labs
    url: https://useanima.sh
    email: support@useanima.sh
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
servers:
  - url: https://api.useanima.sh/v1
    description: Production
security:
  - BearerAuth: []
  - ApiKeyAuth: []
tags:
  - name: Agents
    description: Create and manage AI agents with email and phone capabilities
  - name: Inboxes
    description: Manage email inboxes and their configurations
  - name: Messages
    description: Send, receive, and search email messages
  - name: Webhooks
    description: Register and manage webhook subscriptions for real-time events
  - name: Organizations
    description: Manage organizations and team settings
  - name: Domains
    description: Configure and verify custom email domains
  - name: Phone
    description: Manage phone numbers and SMS/voice capabilities
  - name: Invoices
    description: Track invoices, match receipts, and reconcile payments
  - name: Billing
    description: View usage, tiers, and billing information
  - name: Security
    description: Configure security policies and access controls
  - name: Vault
    description: Store and retrieve encrypted secrets
  - name: API Keys
    description: Create and manage API keys for programmatic access
paths:
  /orgs/{orgId}/compliance/controls:
    get:
      operationId: compliance.listControls
      parameters:
        - name: orgId
          in: path
          required: true
          schema:
            type: string
            description: Organization identifier
        - name: framework
          in: query
          required: false
          schema:
            enum:
              - SOC2
              - GDPR
              - PCI
            type: string
            description: Filter by framework
          allowEmptyValue: true
          allowReserved: true
        - name: category
          in: query
          required: false
          schema:
            enum:
              - CC1
              - CC2
              - CC3
              - CC4
              - CC5
              - CC6
              - CC7
              - CC8
              - CC9
              - A1
              - PI1
              - C1
              - P1
            type: string
            description: Filter by category
          allowEmptyValue: true
          allowReserved: true
        - name: status
          in: query
          required: false
          schema:
            enum:
              - NOT_STARTED
              - IN_PROGRESS
              - IMPLEMENTED
              - VERIFIED
              - FAILED
            type: string
            description: Filter by status
          allowEmptyValue: true
          allowReserved: true
        - name: cursor
          in: query
          required: false
          schema:
            type: string
            description: Pagination cursor
          allowEmptyValue: true
          allowReserved: true
        - name: limit
          in: query
          required: false
          schema:
            default: 50
            type: integer
            minimum: 1
            maximum: 100
            description: Maximum number of controls to return
          allowEmptyValue: true
          allowReserved: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  items:
                    type: array
                    items:
                      type: object
                      properties:
                        id:
                          type: string
                          description: Unique control identifier
                        orgId:
                          type: string
                          description: Organization identifier
                        framework:
                          enum:
                            - SOC2
                            - GDPR
                            - PCI
                          type: string
                          description: Compliance framework identifier
                        controlId:
                          type: string
                          description: Control identifier (e.g. CC1.1)
                        title:
                          type: string
                          description: Control title
                        description:
                          type: string
                          description: Control description
                        category:
                          enum:
                            - CC1
                            - CC2
                            - CC3
                            - CC4
                            - CC5
                            - CC6
                            - CC7
                            - CC8
                            - CC9
                            - A1
                            - PI1
                            - C1
                            - P1
                          type: string
                          description: Trust Service Criteria category
                        status:
                          enum:
                            - NOT_STARTED
                            - IN_PROGRESS
                            - IMPLEMENTED
                            - VERIFIED
                            - FAILED
                          type: string
                          description: Current status of the compliance control
                        owner:
                          anyOf:
                            - type: string
                            - type: 'null'
                          description: Owner responsible for this control
                        lastTestedAt:
                          anyOf:
                            - type: string
                            - type: 'null'
                          description: ISO 8601 timestamp of last test
                        nextReviewAt:
                          anyOf:
                            - type: string
                            - type: 'null'
                          description: ISO 8601 timestamp of next review
                        createdAt:
                          type: string
                          description: ISO 8601 creation timestamp
                        updatedAt:
                          type: string
                          description: ISO 8601 last update timestamp
                      required:
                        - id
                        - orgId
                        - framework
                        - controlId
                        - title
                        - description
                        - category
                        - status
                        - owner
                        - lastTestedAt
                        - nextReviewAt
                        - createdAt
                        - updatedAt
                      description: A compliance control record
                    description: List of compliance controls
                  nextCursor:
                    anyOf:
                      - type: string
                      - type: 'null'
                    description: Cursor for the next page, null if no more results
                required:
                  - items
                  - nextCursor
                description: Paginated list of compliance controls
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from authentication. Pass as: Authorization:
        Bearer <token>
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: 'API key for programmatic access. Pass as: X-API-Key: <your-key>'

````