What's New in CISO Assistant — Week 05, 2026 (v3.10.5 – v3.11.2)

Four releases landed this week, spanning a breaking data-import overhaul in v3.10.5 through a feature-dense v3.11.2 that also ships the Django 6 migration. Here is what matters most.

Breaking Changes

Two changes in v3.10.5 deserve attention before you upgrade:

• Excel library import — Libraries can now be imported directly from Excel workbooks. This is a breaking change to the import flow; existing JSON-only workflows will need to be updated.
• Perimeters are now optional — Perimeters no longer need to be defined to use the platform. This simplifies initial setup for smaller organisations but may affect automations that assumed a perimeter was always present.

New Features

CLI object import & data-wizard refactor — The CLI now supports bulk object import, and the data wizard behind it has been significantly reworked for reliability and extensibility. In v3.11.2, the wizard gained even more object types, the ability to import risk-scenario treatments, and a user-selectable conflict-resolution strategy (Pro) — choose whether incoming data overwrites, skips, or merges with existing records.

Evidence metrics & observation support — Evidences can now carry quantitative metrics and observation notes on metric samples, laying the groundwork for trend tracking and automated compliance health dashboards.

Issue management fields — New fields on issues make it easier to track ownership, deadlines, and resolution status without leaving CISO Assistant.

Framework & Library Updates

• RBI Master Direction, 2023 — Added by community contributor @raghibawan (welcome!). The Reserve Bank of India framework is available alongside a companion RBI library.
• CIS & CCM converters — Both benchmarks now have v2-format converters, making it easier to keep them up to date as new versions are published.

Internationalisation

• A placeholder has been added to support Lithuanian, paving the way for full translation coverage.

UX Improvements

• Unified card styles — Visual inconsistencies between the model table and other pages have been ironed out.
• Compliance recap placeholder — When no audits are visible, the compliance recap now shows a helpful empty state instead of a blank area.
• Confirm-modal styling — All confirmation dialogs follow a single design pattern.
• Demo-data loading feedback — The spinner now tells you that demo data is being loaded, so you know the app has not frozen.
• Better error messages on custom library uploads surface the root cause faster.

Bug Fixes

• Recovery objectives now align correctly when the objective value is unset.
• Folder-level metrics update properly on control or incident changes.
• Empty or zero target values no longer cause division errors.
• Reference-control string overrides are preserved so translations are honoured.
• Entity-relationship visibility constraints are correctly enforced.
• Risk tolerance reset now works cleanly and inherent risks are included in CRQ calculations.
• Audit progress is calculated based on implementation groups, not raw requirement counts.
• Registration emails are sent when SSO is forced for representatives.
• Missing recovery objectives in the BIA report have been restored.
• The get_accessible_folder_ids check no longer skips folder-object validation.

Infrastructure

• Django 6 migration — The backend has moved to Django 6. This is a significant dependency upgrade; review your custom middleware or extensions for compatibility.

For the full list of changes, see the v3.10.5 – v3.11.2 releases on GitHub.