intuitem / ciso-assistant-community
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 100+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
Repository Overview (README excerpt)
Star the project 🌟 to get release notifications and help grow the community!

intuitem.com · SaaS Free trial · Roadmap · Docs · Languages · Discord · Frameworks

CISO Assistant offers a fresh perspective on Cybersecurity Management and **GRC** (Governance, Risk, and Compliance) practices:

• Designed as a central hub to connect multiple cybersecurity concepts with smart linking between objects,
• Built as a **multi-paradigm** tool that adapts to different backgrounds, methodologies, and expectations,
• Explicitly **decouples** compliance from cybersecurity controls, enabling reusability across the platform,
• Promotes **reusability** and interlinking instead of redundant work,
• Developed with an **API-first** approach to support both UI interaction and external **automation**,
• Comes packed with a wide range of built-in standards, security controls, and threat libraries,
• Offers an **open format** to customize and reuse your own objects and frameworks,
• Includes built-in **risk assessment** and **remediation tracking** workflows,
• Supports custom frameworks via a simple syntax and flexible tooling,
• Provides rich **import/export** capabilities across various channels and formats (UI, CLI, Kafka, reports, etc.).

Our vision is to create a **one-stop-shop** for cybersecurity management: modernizing GRC through **simplification** and **interoperability**.

As practitioners working with cybersecurity and IT professionals, we've faced the same issues: tool fragmentation, data duplication, and a lack of intuitive, integrated solutions. CISO Assistant was born from those lessons, and we're building a community around **pragmatic**, **common-sense** principles.

We're constantly evolving with input from users and customers. Like an octopus 🐙, CISO Assistant keeps growing extra arms, bringing clarity, automation, and productivity to cybersecurity teams while reducing the effort of data input and output.
---

Quick Start 🚀

> [!TIP]
> The easiest way to get started is through the free trial of the cloud instance available here.

Alternatively, once you have _Docker_ and _Docker-compose_ installed on your workstation or server:

clone the repo:

and run the starter script

If you are looking for other installation options for self-hosting, check the config builder and the docs.

> [!NOTE]
> The docker-compose script uses prebuilt Docker images supporting most of the standard hardware architectures.
> If you're using **Windows**, make sure to have WSL installed and trigger the script within a WSL command line. It will feed Docker Desktop on your behalf. The docker compose file can be adjusted to pass extra parameters to suit your setup (e.g. Mailer settings).

> [!WARNING]
> If you're getting warnings or errors about an image's platform not matching the host platform, raise an issue with the details and we'll add it shortly after. You can also use instead (see below) to build for your specific architecture.

> [!CAUTION]
> Don't use the branch code directly for production as it's the merge upstream and can have breaking changes during our development. Either use the for stable versions or prebuilt images.

---

Features

Upcoming features are listed on the roadmap.

CISO Assistant is developed and maintained by Intuitem, a company specialized in Cybersecurity, Cloud, and Data/AI.

---

Core Concepts

Here's an extract of some of the building blocks in CISO Assistant to illustrate the decoupling concept that encourages reusability:

For full details, check the data model documentation.
---

Decoupling Concept

At the heart of CISO Assistant lies the **decoupling principle**, which enables powerful use cases and major time savings:

• Reuse past assessments across scopes or frameworks,
• Evaluate a single scope against multiple frameworks simultaneously,
• Let CISO Assistant handle reporting and consistency checks so you can focus on remediation,
• Separate control implementation from compliance tracking.

Here is an illustration of the **decoupling** principle and its advantages:

System architecture

End-user Documentation

Check out the online documentation on .

Supported frameworks 🐙

• ISO 27001:2013 & 27001:2022 🌐
• NIST Cyber Security Framework (CSF) v1.1 🇺🇸
• NIST Cyber Security Framework (CSF) v2.0 🇺🇸
• NIS2 🇪🇺
• SOC2 🇺🇸
• PCI DSS 4.0.1 💳
• CMMC v2 🇺🇸
• PSPF 🇦🇺
• General Data Protection Regulation (GDPR): Full text and checklist from GDPR.EU 🇪🇺
• Essential Eight 🇦🇺
• NYDFS 500 with 2023-11 amendments 🇺🇸
• DORA (Act, RTS, ITS and GL) 🇪🇺
• NIST AI Risk Management Framework 🇺🇸🤖
• NIST SP 800-53 rev5 🇺🇸
• France LPM/OIV rules 🇫🇷
• CCB CyberFundamentals Framework 🇧🇪
• NIST SP-800-66 (HIPAA) 🏥
• HDS/HDH 🇫🇷
• OWASP Application Security Verification Standard (ASVS) 4 🐝🖥️
• RGS v2.0 🇫🇷
• AirCyber ✈️🌐
• Cyber Resilience Act (CRA) 🇪🇺
• TIBER-EU 🇪🇺
• NIST Privacy Framework 🇺🇸
• TISAX (VDA ISA) v5.1 and v6.0 🚘
• ANSSI hygiene guide 🇫🇷
• Essential Cybersecurity Controls (ECC) 🇸🇦
• CIS Controls v8\* 🌐
• CSA CCM (Cloud Controls Matrix)\* ☁️
• FADP (Federal Act on Data Protection) 🇨🇭
• NIST SP 800-171 rev2 (2021) 🇺🇸
• ANSSI : recommandations de sécurité pour un système d'IA générative 🇫🇷🤖
• NIST SP 800-218: Secure Software Development Framework (SSDF) 🖥️
• GSA FedRAMP rev5 ☁️🇺🇸
• Cadre Conformité Cyber France (3CF) v1 (2021) ✈️🇫🇷
• ANSSI : SecNumCloud ☁️🇫🇷
• Cadre Conformité Cyber France (3CF) v2 (2024) ✈️🇫🇷
• ANSSI : outil d'autoévaluation de gestion de crise cyber 💥🇫🇷
• BSI: IT-Grundschutz-Kompendium 🇩🇪
• NIST SP 800-171 rev3 (2024) 🇺🇸
• ENISA: 5G Security Controls Matrix 🇪🇺
• OWASP Mobile Application Security Verification Standard (MASVS) 🐝📱
• Agile Security Framework (ASF) - baseline - by intuitem 🤗
• ISO 27001:2013 🌐 (For legacy and migration)
• EU AI Act 🇪🇺🤖
• FBI CJIS 🇺🇸👮
• Operational Technology Cybersecurity Controls (OTCC) 🇸🇦
• Secure Controls Framework (SCF) 🇺🇸🌐
• NCSC Cyber Assessment Framework…