What's New in CISO Assistant — Week 10, 2026 (v3.13.5 – v3.14.0)

Week 10 wraps up the v3.13 series and opens v3.14 with a focus on administrative control, better navigation, and regulatory alignment. Three releases land this week, capped by the v3.14.0 milestone.

Administration & Governance

Default language with enforcement (v3.13.5) — Administrators can now set a default UI language for the organisation and optionally force it on all users. This is particularly useful for regulated environments where audit documentation must be generated in a specific language.

Expanded currency support (v3.13.5) — The list of supported currencies has been broadened, and the currency-management interface has been improved, making it easier to work with cost data across international teams.

Enforced MFA now excludes SSO users (v3.13.6) — When MFA enforcement is enabled, users who authenticate via SSO are correctly excluded, since their identity provider already handles second-factor requirements.

Navigation & UX

Folder selection everywhere (v3.13.6) — Folder selection and search capabilities have been extended to all folder fields across the application, not just the main navigation tree. This makes reorganising and filtering content significantly faster.

Journey feature flags (v3.13.5) — Users can now toggle feature flags on and off directly within Journeys, giving more control over which guided steps are active without requiring admin intervention.

Related models tab in detail views (v3.13.5) — Detail pages now include a dedicated tab listing all related models, making it easier to understand how an object connects to the rest of the GRC landscape.

Tasks on domain details (v3.13.5) — The domain detail view now surfaces associated tasks, so project managers can see outstanding work without navigating away.

Ref ID in audit action plans (v3.13.5) — Reference IDs are now visible in audit action plans, improving traceability between action items and their source requirements.

Framework & Library Updates

• ANS CARE domaine 2 (v3.14.0) — Contributed by @lulustucru-dsn (welcome!). Adds the template for the second domain of the French ANS CARE framework.

Customisation

Custom email and report templates (v3.14.0, Pro) — Organisations can now customise the templates used for notification emails and Word report exports, enabling branded communications and reports that match internal formatting standards.

Data Wizard

Enhanced security and recovery objectives parsing (v3.14.0) — The AssetRecordConsumer in the data wizard now handles security and recovery objectives more robustly, reducing import errors when dealing with complex asset inventories.

Lazy mode adapts to dataset size (v3.14.0) — The lazy-loading mode introduced in v3.13.x now activates only on large datasets, avoiding unnecessary overhead on smaller deployments where eagerly loading data is fast enough.

DORA Compliance

ROI export aligned with 4.0 specs (v3.14.0) — The Register of Information export has been updated to match the DORA 4.0 specification format and now supports NBB-compliant exports for Belgian-supervised entities.

Bug Fixes

• “About” then “Quick Start” navigation no longer fails (v3.13.5).
• Invalid DOM error in tree-map chart component resolved (v3.13.5).
• Defensive guards added to analytics to prevent crashes on edge-case data (v3.13.5).
• Lazy autocomplete-select no longer deactivates when used as a unique input (v3.13.5).
• EBIOS RM radar chart layout corrected (v3.13.6).
• Colliding Journeys on the same folder are now handled gracefully (v3.13.6).
• BIA threshold display fixed when all values are zero (v3.13.6).
• Missing space between implementation-group badges in requirement assessments restored (v3.13.6).
• Duplication and redirection issues on risk assessments resolved (v3.14.0).
• Minor inconsistency between audit and risk-assessment action plans corrected (v3.14.0).

For the full list of changes, see the v3.13.5 – v3.14.0 releases on GitHub.