· intuitem · News  · 3 min read

What's New in CISO Assistant — Week 15, 2026 (v3.15.3 – v3.15.7)

Security keys as a second factor, expanded vulnerability management, five new frameworks, a redesigned timeline, and EBIOS RM light mode.

Security keys as a second factor, expanded vulnerability management, five new frameworks, a redesigned timeline, and EBIOS RM light mode.

A packed week with five releases bringing hardware security keys, broader vulnerability management, a wave of new compliance frameworks, and plenty of UX refinements.

Security Keys (FIDO2 / WebAuthn)

Hardware security keys as a second authentication factor (v3.15.3) — CISO Assistant now supports FIDO2-compatible security keys, fingerprint readers, and other platform authenticators as a second factor. Two follow-up patches (v3.15.4, v3.15.5) hardened WebAuthn for cloud deployments by fixing the relying-party ID handling.

Expanded Vulnerability Management

Epic: broader vulnerability management capabilities (v3.15.7) — This release significantly expands what you can do with vulnerabilities in CISO Assistant, building on the MCP and API foundations shipped in v3.15.2.

New Frameworks & Libraries

Five community-contributed frameworks land this week:

  • NIST CSF 2.0 Journey (v3.15.3) — courtesy of new contributor @blockanz.
  • ANS HospiConnect HOPEN2 Program Library (v3.15.3) — contributed by @lulustucru-dsn.
  • CyFun Small Self-Assessment translations (v3.15.3) — contributed by @fastlorenzo.
  • DGSSI Cloud Qualification (Morocco, arrêté 3-17-25) (v3.15.6) — courtesy of new contributor @oulkhabou.
  • French National Authority for Health — Quality of Care Certification (v3.15.6) — contributed by @ImanABS.
  • EUDI Wallet ARF High-Level Requirements (v3.15.6) — also contributed by @ImanABS.

UX Improvements

  • Orphan controls identification (v3.15.3) — Spot applied controls that are not linked to any compliance requirement, making it easier to clean up or reassign stale controls.
  • Yearly tasks review UI (v3.15.3) — The yearly review workflow has been polished for a smoother experience.
  • New timeline visualization (v3.15.6) — A redesigned timeline component with better performance and a cleaner look.
  • EBIOS RM light mode (v3.15.6) — Workshop 5 scenario generation now supports a “light” mode that follows a cascading logic to build scenarios from whatever data is available, so you no longer need every preceding workshop to be fully completed.
  • Batch label actions (v3.15.6) — Apply or remove labels in bulk on applied controls and findings.
  • Risk analysis PDF — scenario pagination (v3.15.6) — Scenarios now start on a new page in risk analysis PDF exports, improving readability.
  • Client name in page title (v3.15.6) — The browser tab now reflects the current client name, contributed by @Axxiar.
  • Inlined documentation on Word export (v3.15.6) — Supported attributes are now documented inline in Word exports.

Framework Builder

The framework builder introduced in v3.15.0 continues to mature with a round of improvements (v3.15.6), including better handling of requirement hierarchies and usability fixes.

Internationalisation

  • Lithuanian language support (v3.15.3) — A new locale for the platform interface.

Bug Fixes

  • Regression on attaching existing items to applied controls (v3.15.3).
  • Analytics dashboard chart pointer console error (v3.15.3).
  • Excel file upload on Mac after the recent upgrade (v3.15.3).
  • Applied control duplication and copy-from-reference-controls regressions (v3.15.3).
  • Missing link for non-compliant items and batch CSF actions (v3.15.3).
  • Implementation groups for dynamic frameworks (v3.15.6).
  • TISAX framework missing version (v3.15.6).
  • Applied controls export/import inconsistencies (v3.15.6).
  • Local MFA handling when SSO is enabled (v3.15.6).
  • SSO users unable to manage Personal Access Tokens (v3.15.6).

Security

  • Lupa dependency upgrade (v3.15.7) — Resolves a Dependabot security alert.
  • Django 6.0.3 to 6.0.4 (v3.15.6) — Picks up the latest Django security and stability fixes.
  • cryptography 46.0.6 to 46.0.7 (v3.15.6) — Updated across backend, CLI, and automation packages.

Infrastructure

  • Migration to Vite 6 (v3.15.6) — The frontend build toolchain has been upgraded to Vite 6.
  • OIDC debug mode (v3.15.6) — extra_data is now visible in debug mode for easier OIDC troubleshooting.

New Contributors

Welcome to @blockanz and @oulkhabou, who both made their first contributions this week!

For full details, check out the v3.15.3 through v3.15.7 release notes on GitHub.

Share:
Back to Blog

Related Posts

View All Posts »
What's New in CISO Assistant — Week 18, 2026 (v3.16.1)

What's New in CISO Assistant — Week 18, 2026 (v3.16.1)

A focused v3.16.1 release: a new journeys editor, Azure Blob Storage as an alternative to S3, AI chat memory improvements, EPSS feeds, IEC 62443 outline, NIST CSF 1.1 enriched with reference controls, expanded respondent mode for third parties, and a steady stream of performance and bug fixes.

What's New in CISO Assistant — Week 17, 2026 (v3.16.0)

What's New in CISO Assistant — Week 17, 2026 (v3.16.0)

A heavy v3.16.0 release: merge applied controls, action plans for incidents, custom analytics dashboards, four new framework libraries (CNDP Morocco, OIV Air Transport, 3CF v3.1, recyf enrichment), NIST CSF 2.0 recommendations, and a long sweep of UX, performance and bug fixes.