ciso-assistant-community by intuitem

GRC tool for cybersecurity management, risk, and compliance

Created 2 years ago
3,183 stars

Top 15.1% on SourcePulse

Project Summary

CISO Assistant is a comprehensive Governance, Risk, and Compliance (GRC) platform designed for cybersecurity and IT professionals. It aims to simplify GRC practices by providing a centralized hub for managing risks, application security, compliance, and privacy, supporting over 90 global frameworks with automated mapping.

How It Works

The platform's core innovation is its "decoupling" concept, separating compliance requirements from cybersecurity controls. This allows for reusability of assessments across different scopes or frameworks, enabling users to evaluate a single scope against multiple standards simultaneously. This approach reduces redundant work and allows teams to focus on remediation rather than repetitive reporting and consistency checks.

Quick Start & Requirements

  • Cloud Trial: Available at intuitem.com.
  • Local Installation: Requires Docker and Docker Compose. Clone the repository and run ./docker-compose.sh.
  • Prerequisites: Docker (>= 27.0), Docker Compose. For Windows, WSL is required.
  • Production: DJANGO_DEBUG=False is recommended.
  • Documentation: https://intuitem.gitbook.io/ciso-assistant/

Highlighted Details

  • Supports over 90 GRC frameworks (e.g., NIST CSF, ISO 27001, SOC2, GDPR, PCI DSS, NIS2, CMMC).
  • API-first design for UI interaction and external automation.
  • Customizable frameworks via a simple syntax and tooling.
  • Built-in risk assessment and remediation tracking workflows.

Maintenance & Community

  • Developed and maintained by Intuitem.
  • Active Discord community for interaction and support.
  • Roadmap available.

Licensing & Compatibility

  • Community Edition: AGPL v3.
  • Commercial Editions (Pro/Enterprise): Custom intuitem Commercial Software License.
  • Files outside the "enterprise" directory are AGPL v3; files within "enterprise" are under the commercial license. AGPL v3 may have implications for closed-source linking.

Limitations & Caveats

  • The main branch is for development and may contain breaking changes; stable versions should be used via tags or prebuilt images.
  • Safari may not work correctly with the local development setup due to HTTPS requirements for secure cookies.
  • Frameworks marked with * require manual retrieval of the latest Excel sheets due to licensing restrictions.

Health Check

  • Last Commit: 14 hours ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 143
  • Issues (30d): 25
  • Star History: 86 stars in the last 30 days
