CISO Assistant is a one-stop-shop for cyber security program management. It provides a pragmatic approach to manage Governance, Risk and Compliance (GRC).
Features
Learn more about the features that make CISO Assistant the best choice for your security team. We are constantly working to improve our product, so stay tuned for more features!
One-stop-shop for all your Governance, Risk, and Compliance (GRC) topics. Don't waste any more time tracking and aligning Excel sheets across your organization.
You can choose between cloud and on-premises deployment to align with your operational needs and security preferences. You can also start with one and migrate to the other later on.
You can manage your audit across multiple frameworks in a straightforward way, with evidences centralization and reporting capabilities. CISO assistant also has a unique approach to reusing as much as possible work from previous audits and mapping that to security controls.
Based on a lot of groundwork and feedback from cybersecurity experts in multiple fields, we have been refining the workflow and the UI of the risk assessment module to make it as pragmatic and methodology-agnostic as possible.
+130 frameworks and multiple ready-to-use resources and recommendations to get you started quickly without the groundwork. You can also benefit from community-driven libraries and even package yours for reuse across multiple projects.
Thanks to built-in analytics, collaboration features, workflows, automatic sanity checks, scoring assistant and so many capabilities, you can focus on driving your cyber security program instead of doing repetitive tasks.
Multiple import and export features to get you started right away and avoid any lock-in. You can import your libraries of threats and security functions as well as previous analysis to centralize your work in CISO assistant in a very short amount of time.
Open source being one of our core values, it translates into our solutions being so. This is a win-win situation, for the community as any small organization can use the free community edition, and for us by learning from good practices all over the world. This also shows in the open formats that we use for framework management and data import and export.
Centralize and track the progress of your remediation plan thanks to the integration with your ticketing management system (jira). CISO Assistant can also track and cross-check the ETA to get you ahead of your timeline and avoid chasing down information across your organization.
AI has a lot of interesting cases in cyber security and productivity improvement, but it's tricky when you're dealing with such highly sensitive information as your risks and remediation progress. We've been working on engines that ensure your data stay private without sacrificing any advantage.
A flexible (REST) API for automation is available for data extraction, compliance, and risk automation. This is a great enabler for integrating CISO Assistant within your ecosystem.
As requested by the community, we have added a new capability to assess the maturity of criteria during your audit. This allows you to have an extra dimension during your campaigns to benchmark and compare the cyber security posture across projects or divisions.
Thanks to this feature, CISO Assistant reduces the friction of moving from one framework or standard to another by relying on the NIST OLIR standard for mappings and crosswalks. You can also customize yours and adjust how one requirement relates to another.
This is usually one of the trickiest and most time-consuming tasks in GRC, and CISO Assistant has an answer to it: you can use the audit capabilities to capture your provider's compliance directly in the app and get all relevant insights in one place.
As part of our integration of each framework, we progressively enrich it with recommended controls to ease up your compliance and let you focus on the operational side of your program. This is provided as part of our recommendations engine.
CISO Assistant comes up with multiple scripts as part of its toolbox and a very flexible CLI. This allows you to cover multiple automation tasks, customize frameworks, build mapping, and so much more.
Built-in capabilities for advanced insights to assist with prioritisation and analyzing the impact of your controls.
Support for the ANSSI's EBIOS RM risk assessment methodology with the full five workshops.
Track your compliance tasks, for one-time or periodic actions, in a single place with multiple assignments and reminders.
Conduct your BIA assessments directly on the app and link them to your assets and actions to structure your cyber resilience program.
Using the Privacy module, you can capture your GDPR processings in a single place and capture all the required data on the platform and link them to your action plan.
Whether you want to capture major incidents to use them with other objects or track the full timeline on the solution, this module can help you achieve that, including capturing evidence during incident management.
Automatically get your compliance results based on the progress of associated controls. The same capabilities are available to refresh your risk assessment as well.
Get started with Cyber Risk Quantification (CRQ) module that allows you to combine multiple scenarios, with multiple treatment hypotheses, and decide on the most optimal approach with numbers! The feature is beginner-friendly as it has a preset distribution so that you can focus on the loss and probability estimate.
Step 1: Choose your deployment
Kickstart with the free instance or GitHub! The choice is yours. We're here to make your journey as smooth as possible. So, take your pick and let's get started!
Step 2.a: Experiment and Add your content
Follow the documentation to get started with CISO assistant. You can add your own content and experiment with the features. We're here to help you every step of the way on our Discord server.
Step 2.b: Discuss specific features/needs
If you are looking for a specific feature or you have a particular need, we are here to help you. Any customization will be covered by the enterprise plan support and can be tailored to your case.
Step 3: Upgrade your plan
If you are happy with the community edition then we are happy for you. We encourage you to upgrade to Pro or Enterprise to get the most out of CISO Assistant and of guaranteed data migration.
Ready!
Check out the upcoming events and catch up on the previous ones!
Some of the organizations that we had the pleasure to work with on products or consultancy:
In addition to direct purchase, some of our sales channels:
Our technological partners:
Nothing better than a free instance to test it out and find out how CISO Assistant can help you. Don't waste more time on low values operations and start focusing on what really matters.
Explore our collection of articles, guides, and tutorials on development, cyber security, AI, program management and so much more.
A heavy v3.16.0 release: merge applied controls, action plans for incidents, custom analytics dashboards, four new framework libraries (CNDP Morocco, OIV Air Transport, 3CF v3.1, recyf enrichment), NIST CSF 2.0 recommendations, and a long sweep of UX, performance and bug fixes.
Reading ox.security's MCP advisory against the real Model Context Protocol attack surface, and a ten-minute audit for MCP server authors.
Container hardening, Cyfun 2025 scoring and export, richer import/export across TPRM, findings and risk assessments, DORA subcontracting chains, and a wave of UX polish.
Security keys as a second factor, expanded vulnerability management, five new frameworks, a redesigned timeline, and EBIOS RM light mode.