
github.com/intuitem/ciso-assistant-community @v3.19.1 sqlite

10,452 symbols 40,995 edges 1,480 files 2,978 documented · 28%
README

Star the project 🌟 to get release notifications and help grow the community!


CISO Assistant offers a fresh perspective on Cybersecurity Management and GRC (Governance, Risk, and Compliance) practices:

  • Designed as a central hub to connect multiple cybersecurity concepts with smart linking between objects,
  • Built as a multi-paradigm tool that adapts to different backgrounds, methodologies, and expectations,
  • Explicitly decouples compliance from cybersecurity controls, enabling reusability across the platform,
  • Promotes reusability and interlinking instead of redundant work,
  • Developed with an API-first approach to support both UI interaction and external automation,
  • Comes packed with a wide range of built-in standards, security controls, and threat libraries,
  • Offers an open format to customize and reuse your own objects and frameworks,
  • Includes built-in risk assessment and remediation tracking workflows,
  • Supports custom frameworks via a simple syntax and flexible tooling,
  • Provides rich import/export capabilities across various channels and formats (UI, CLI, Kafka, reports, etc.).

Single Hub

Our vision is to create a one-stop-shop for cybersecurity management—modernizing GRC through simplification and interoperability.

As practitioners working with cybersecurity and IT professionals, we've faced the same issues: tool fragmentation, data duplication, and a lack of intuitive, integrated solutions. CISO Assistant was born from those lessons, and we're building a community around pragmatic, common-sense principles.

We’re constantly evolving with input from users and customers. Like an octopus 🐙, CISO Assistant keeps growing extra arms—bringing clarity, automation, and productivity to cybersecurity teams while reducing the effort of data input and output.



Quick Start 🚀

[!TIP] The easiest way to get started is through the free trial of the cloud instance, available at https://intuitem.com/trial.

Alternatively, once you have Docker and Docker-compose installed, on your workstation or server:

clone the repo:

git clone --single-branch -b main https://github.com/intuitem/ciso-assistant-community.git

and run the starter script

./docker-compose.sh     # Linux/MacOS
./docker-compose.ps1    # Windows

If you are looking for other installation options for self-hosting, check the config builder and the docs.

[!NOTE] The docker-compose script uses prebuilt Docker images supporting most of the standard hardware architectures. If you're using Windows, make sure to have Docker Desktop with WSL2 installed and trigger the PowerShell script. It will feed Docker Desktop on your behalf.

The docker compose file can be adjusted to pass extra parameters to suit your setup (e.g. Mailer settings).

[!WARNING] If you're getting warnings or errors about the image's platform not matching the host platform, raise an issue with the details and we'll add it shortly after. You can also use docker-compose-build.sh instead (see below) to build for your specific architecture.

[!CAUTION] Don't use the main branch code directly for production as it's the merge upstream and can have breaking changes during our development. Either use the tags for stable versions or prebuilt images.


Features

Current features

Upcoming features are listed on the roadmap.

CISO Assistant is developed and maintained by Intuitem, a company specialized in Cybersecurity, Cloud, and Data/AI.


Core Concepts

Here’s an extract of some of the building blocks in CISO Assistant to illustrate the decoupling concept that encourages reusability:

Core Objects

For full details, check the data model documentation.


Decoupling Concept

At the heart of CISO Assistant lies the decoupling principle, which enables powerful use cases and major time savings:

  • Reuse past assessments across scopes or frameworks,
  • Evaluate a single scope against multiple frameworks simultaneously,
  • Let CISO Assistant handle reporting and consistency checks so you can focus on remediation,
  • Separate control implementation from compliance tracking.

Here is an illustration of the decoupling principle and its advantages:

https://github.com/user-attachments/assets/87bd4497-5cc2-4221-aeff-396f6b6ebe62

System architecture

End-user Documentation

Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant.

Setting up the local AI engine

Read more here: AI engine

Supported frameworks 🐙

  1. ISO 27001:2013 & 27001:2022 🌐
  2. NIST Cyber Security Framework (CSF) v1.1 🇺🇸
  3. NIST Cyber Security Framework (CSF) v2.0 🇺🇸
  4. NIS2 🇪🇺
  5. SOC2 🇺🇸
  6. PCI DSS 4.0.1 💳
  7. CMMC v2 🇺🇸
  8. PSPF 🇦🇺
  9. General Data Protection Regulation (GDPR): Full text and checklist from GDPR.EU 🇪🇺
  10. Essential Eight 🇦🇺
  11. NYDFS 500 with 2023-11 amendments 🇺🇸
  12. DORA (Act, RTS, ITS and GL) 🇪🇺
  13. NIST AI Risk Management Framework 🇺🇸🤖
  14. NIST SP 800-53 rev5 🇺🇸
  15. Règles OIV - Secteur « Activités civiles de l'Etat » (2019) 🇫🇷
  16. CCB CyberFundamentals Framework 🇧🇪
  17. NIST SP-800-66 (HIPAA) 🏥
  18. HDS/HDH 🇫🇷
  19. OWASP Application Security Verification Standard (ASVS) 4 🐝🖥️
  20. RGS v2.0 🇫🇷
  21. AirCyber ✈️🌐
  22. Cyber Resilience Act (CRA) 🇪🇺
  23. TIBER-EU 🇪🇺
  24. NIST Privacy Framework 🇺🇸
  25. TISAX (VDA ISA) v5.1 and v6.0 🚘
  26. ANSSI hygiene guide 🇫🇷
  27. Essential Cybersecurity Controls (ECC) 🇸🇦
  28. CIS Controls v8* 🌐
  29. CSA CCM (Cloud Controls Matrix)* ☁️
  30. FADP (Federal Act on Data Protection) 🇨🇭
  31. NIST SP 800-171 rev2 (2021) 🇺🇸
  32. ANSSI : recommandations de sécurité pour un système d'IA générative 🇫🇷🤖
  33. NIST SP 800-218: Secure Software Development Framework (SSDF) 🖥️
  34. GSA FedRAMP rev5 ☁️🇺🇸
  35. Cadre Conformité Cyber France (3CF) v1 (2021) ✈️🇫🇷
  36. ANSSI : SecNumCloud ☁️🇫🇷
  37. Cadre Conformité Cyber France (3CF) v2 (2024) ✈️🇫🇷
  38. ANSSI : outil d’autoévaluation de gestion de crise cyber 💥🇫🇷
  39. BSI: IT-Grundschutz-Kompendium 🇩🇪
  40. NIST SP 800-171 rev3 (2024) 🇺🇸
  41. ENISA: 5G Security Controls Matrix 🇪🇺
  42. OWASP Mobile Application Security Verification Standard (MASVS) 🐝📱
  43. Agile Security Framework (ASF) - baseline - by intuitem 🤗
  44. ISO 27001:2013 🌐 (For legacy and migration)
  45. EU AI Act 🇪🇺🤖
  46. FBI CJIS 🇺🇸👮
  47. Operational Technology Cybersecurity Controls (OTCC) 🇸🇦
  48. Secure Controls Framework (SCF) 🇺🇸🌐
  49. NCSC - Cyber Assessment Framework (CAF) v3.2 🇬🇧
  50. California Consumer Privacy Act (CCPA) 🇺🇸
  51. California Consumer Privacy Act Regulations 🇺🇸
  52. NCSC Cyber Essentials 🇬🇧
  53. Directive Nationale de la Sécurité des Systèmes d'Information (DNSSI) Maroc 🇲🇦
  54. Part-IS ✈️🇪🇺
  55. ENS Esquema Nacional de seguridad 🇪🇸
  56. Korea ISA ISMS-P 🇰🇷
  57. Swiss ICT minimum standard 🇨🇭
  58. Adobe Common Controls Framework (CCF) v5 🌐
  59. BSI Cloud Computing Compliance Criteria Catalogue (C5) 🇩🇪
  60. Référentiel d’Audit de la Sécurité des Systèmes d’Information, ANCS Tunisie 🇹🇳
  61. ECB Cyber resilience oversight expectations for financial market infrastructures 🇪🇺
  62. Mindeststandard-des-BSI-zur-Nutzung-externer-Cloud-Dienste (Version 2.1) 🇩🇪
  63. Formulaire d'évaluation de la maturité - niveau fondamental (DGA) 🇫🇷
  64. NIS2 technical and methodological requirements 2024/2690 🇪🇺
  65. Saudi Arabian Monetary Authority (SAMA) Cybersecurity Framework 🇸🇦
  66. Guide de sécurité des données (CNIL) 🇫🇷
  67. International Traffic in Arms Regulations (ITAR) 🇺🇸
  68. Federal Trade Commission (FTC) Standards for Safeguarding Customer Information 🇺🇸
  69. OWASP's checklist for LLM governance and security 🌐
  70. Recommandations pour les architectures des systèmes d’information sensibles ou à diffusion restreinte (ANSSI) 🇫🇷
  71. CIS benchmark for Kubernetes v1.10 🌐
  72. De tekniske minimumskrav for statslige myndigheder 🇩🇰
  73. Google SAIF framework 🤖
  74. Recommandations relatives à l'administration sécurisée des SI (ANSSI) 🇫🇷
  75. Prudential Standard CPS 230 - Operational Risk Management (APRA) 🇦🇺
  76. Prudential Standard CPS 234 - Information Security (APRA) 🇦🇺
  77. Vehicle Cyber Security Audit (VCSA) v1.1 🚘
  78. Cisco Cloud Controls Framework (CCF) v3.0 ☁️🌐
  79. FINMA - Circular 2023/01 - Operational risks and resilience - Banks 🇨🇭
  80. Post-Quantum Cryptography (PQC) Migration Roadmap (May 2025) 🔐
  81. Cloud Sovereignty Framework - 1.2.1 - Oct 2025 🇪🇺
  82. ISO 22301:2019 outline - Business continuity management systems 🌐
  83. CCB CyberFundamentals Framework 2025 🇧🇪
  84. Prestataires de détection des incidents de sécurité (PDIS) - Référentiel d’exigences 🇫🇷
  85. Vendor Due Diligence - simple baseline - intuitem 🌐
  86. Points de contrôle Active Directory (AD) - ANSSI 🇫🇷
  87. ISO 42001:2023 outline - Artificial Intelligence Management System, including Annex A 🤖🌐
  88. India's Digital Personal Data Protection Act (DPDPA) - 2023 🇮🇳
  89. E-ITS (Estonia's national cyber security standard) - 2024 🇪🇪
  90. Microsoft cloud security benchmark v1 - ☁️🌐
  91. Baseline informatiebeveiliging Overheid 2 (BIO2) 🇳🇱
  92. ANSSI : Questionnaire MonAideCyber 🇫🇷
  93. ITSP.10.171 - Protecting specified information in non-Government of Canada systems and organizations 🇨🇦
  94. CISA Vendor Supply Chain Risk Management (SCRM) Template 🇺🇸
  95. European Sustainability Reporting Standards (ESRS) 🇪🇺
  96. ITIL 4 Management Practices 🌐
  97. NOREA - DORA in Control Framework v3.0 🇪🇺
  98. NIS-1 transposition FR 🇫🇷
  99. PSSI État 🇫🇷
  100. Checklist de dossier d'homologation 🇫🇷
  101. Cahier des charges Label EBIOS RM v3.1 🇫🇷
  102. SecNumCloud v3.2 Annexe 2 : recommandations aux commanditaires ☁️🇫🇷
  103. CCB CyberFundamentals Small - Self assessment 🇧🇪
  104. Mitre ATT&CK v18.1 - Threat catalog 🌐
  105. Mitre D3FEND - Reference controls 🌐
  106. OWASP Top 10 Web - Threat catalog 🐝🌐
  107. OWASP MAS Threat Modelling Guide - Threat catalog 🐝📱
  108. CISA Cybersecurity Performance Goals (CPG) v2.0 🇺🇸
  109. ANSSI : Référentiel Cyber France pour la réglementation NIS2 (ReCyF) 🇫🇷
  110. Cadre Conformité Cyber France (3CF) v3.1 (2026) ✈️🇫🇷
  111. Règles OIV - Secteur « Transport aérien » (2016) ✈️🇫🇷
  112. IEC 62443 series — parts 2-1, 2-4, 3-2, 3-3, 4-1, 4-2 🏭🌐
  113. CER Directive (Critical Entities Resilience) 🇪🇺
  114. EUDI ARF — EU Digital Identity Wallet High-Level Requirements (Annex 2.02) 🇪🇺
  115. UK Defence Standard 05-138 Issue 4 🇬🇧
  116. Référentiel HAS - Certification des établissements de santé pour la qualité des soins 🇫🇷🏥
  117. Personal Data Protection Law (PDPL) 🇸🇦
  118. NCSC - Cyber Assessment Framework (CAF) v4.0 🇬🇧
  119. Algemene Beveiligingseisen voor Rijksoverheidsopdrachten (ABRO) 2026 🇳🇱

Community contributions

  1. PGSSI-S (Politique Générale de Sécurité des Systèmes d'Information de Santé) 🇫🇷
  2. ANSSI : Recommandations de configuration d'un système GNU/Linux 🇫🇷
  3. PSSI-MCAS (Politique de sécurité des systèmes d’information pour les ministères chargés des affaires sociales) 🇫🇷
  4. ANSSI : Recommandations pour la protection des systèmes d'information essentiels 🇫🇷
  5. ANSSI : Recommandations de sécurité pour l'architecture d'un système de journalisation 🇫🇷
  6. ANSSI : Recomma

Extension points exported contracts — how you extend this code

IResourceHandler (Interface)
(no doc) [25 implementers]
automation/n8n/n8n-nodes-ca/nodes/types/index.ts
HaveSidebarI (Interface)
(no doc) [1 implementers]
frontend/tests/utilsv2/core/page.ts
Locals (Interface)
(no doc)
frontend/src/app.d.ts
ClientInfo (Interface)
(no doc)
enterprise/frontend/src/routes/(app)/(internal)/settings/client-settings/+server.ts
ICisoAssistantCredentials (Interface)
(no doc)
automation/n8n/n8n-nodes-ca/nodes/types/index.ts
PageReport (Interface)
(no doc)
frontend/tests/utils/a11y-report.ts
PageData (Interface)
(no doc)
frontend/src/app.d.ts
IRequestConfig (Interface)
(no doc)
automation/n8n/n8n-nodes-ca/nodes/types/index.ts

Core symbols most depended-on inside this repo

get
called by 3272
backend/iam/views.py
get
called by 1701
backend/core/views.py
_
called by 1405
tools/mapping_builder/heatmap_builder_notebook.py
create
called by 1332
backend/core/models.py
filter
called by 1017
backend/library/views.py
filter
called by 982
backend/core/views.py
get
called by 650
backend/chat/knowledge_graph.py
click
called by 551
frontend/tests/utils/sidebar.ts

Shape

Method 4,570
Function 3,111
Class 2,251
Route 413
Interface 105
Enum 2

Languages

Python 87%
TypeScript 13%

Modules by API surface

backend/core/views.py · 768 symbols
backend/core/models.py · 460 symbols
backend/core/serializers.py · 451 symbols
backend/tprm/test/test_dora_export.py · 296 symbols
backend/data_wizard/views.py · 145 symbols
backend/data_wizard/tests/test_consumers.py · 123 symbols
backend/ebios_rm/models.py · 107 symbols
frontend/src/lib/components/FrameworkBuilder/builder-state.ts · 100 symbols
backend/iam/models.py · 95 symbols
backend/data_wizard/tests/test_load_file_view.py · 90 symbols
backend/app_tests/api/test_api_framework_builder.py · 90 symbols
backend/ebios_rm/views.py · 86 symbols

Dependencies from manifests, versioned

@floating-ui/dom 1.7.1 · 1×
@fortawesome/fontawesome-free 6.7.2 · 1×
@inlang/paraglide-js 2.17.0 · 1×
@playwright/test 1.60.0 · 1×
@skeletonlabs/skeleton 4.0.0 · 1×
@skeletonlabs/skeleton-svelte 4.0.0 · 1×
@svelte-put/copy 3.0.2 · 1×
@svelte-put/qr 1.2.1 · 1×
@sveltejs/adapter-auto 7.0.1 · 1×
@sveltejs/adapter-node 5.5.4 · 1×

For agents

$ claude mcp add ciso-assistant-community \
  -- python -m otcore.mcp_server <graph>
