What's New in CISO Assistant — Week 20, 2026 (v3.16.2)

After a quiet W19, this week brings v3.16.2 — a single release packed with new framework libraries, two experimental UX flows, audit performance improvements, and a satisfying batch of fixes across mappings, filters, and i18n.

Headline Features

• Experimental UI mode to create and link assets — A new in-place flow for spinning up assets and linking them as you work, joining the growing set of experimental UX tracks.
• Specialized wizard for customer questionnaire prefill — A guided wizard that streamlines prefilling customer questionnaires, reducing the manual back-and-forth that typically dominates this workflow.
• Folder tree — writable permission handling — Folder tree selection now honors writable permissions, so users only see destinations they can actually write to. Thanks to @tchoumi313.

Framework & Library Updates

• 🇪🇺 EU CER Directive — The Critical Entities Resilience directive is now available as a library, complementing existing EU regulatory coverage.
• 🇬🇧 UK Defence Standard 05-138 — The UK MOD’s cyber security for defence suppliers standard now ships as a library.
• CBDDO and DoW ZT-OT framework preparation — Initial groundwork for the CBDDO and DoW Zero Trust / OT frameworks landed, followed by a restructuring pass. Welcome to @celalunalp for the first contribution on this track and thanks to @tarkadia for the restructure.
• ReCyF Framework — IG fixes — Implementation group definitions on the ReCyF framework were corrected. Thanks to @tarkadia.
• Templates — standardize on “shall” per ISO/IEC Directives Part 2 — Mandatory language in templates is now aligned with the ISO/IEC Directives Part 2 conventions. Thanks to @kriss-b.

Performance

• Audit — aggregate-based progress — The per-row progress walk has been replaced with a single aggregate query. A meaningful win on larger audits. Thanks to @tarkadia.

Data Import & Automation

• New record consumers + better-documented import commands — Additional record consumers landed and the data import CLI commands now ship with detailed help descriptions. Thanks to @tchoumi313.

Bug Fixes

• Mapping engine invalidation on library load/unload — Mappings are now properly invalidated when a mapping library is loaded or unloaded, eliminating a class of stale-cache surprises. Thanks to @nas-tabchiche.
• Governance calendar & assessment counters — folder filtering — Folder filters are now respected by the governance calendar and assessment counters. Thanks to @tchoumi313.
• Filtered asset export honors list filters (#4046) — Asset exports now match the filters applied to the list view. Welcome to @rush2ranvijay for their first contribution.
• Breadcrumb refresh on requirement assessment navigation — The breadcrumb now refreshes correctly as users navigate requirement assessments. Thanks to @Mohamed-Hacene.
• Norway is a country, not a boolean — A long-standing pitfall where the country code NO was being interpreted as the string "NO" (i.e., a no/false value) is fixed. Norway is now safe.
• Assessable parent without IG, but child has one — A 404 error in this configuration is resolved. Thanks to @monsieurswag.
• Audit IG filter — ancestors of matching descendants now shown — When filtering by implementation group, ancestors whose own IGs don’t match are now still shown if their descendants do, restoring the expected tree view. Thanks to @nas-tabchiche.
• HTML exports — line breaks preserved — Line breaks now survive HTML export.
• Tasks review — better adaptive layout — The tasks review view adapts more gracefully to the available space.

Internationalization

• 🇨🇿 Czech translation updates — Coverage extended across Risk, BIA, GDPR, and Assets. Welcome to @zdenek-pergl for their first contribution.

Testing

• Journeys functional tests — Coverage added for the journeys feature shipped in v3.16.0–v3.16.1. Thanks to @melinoix.

CI & Developer Experience

• pnpm pinned via pnpm/action-setup@v4 — CI now pins pnpm explicitly and hardens Playwright version detection.
• Native Windows development experience — Working on the project on native Windows is smoother out of the box. Thanks to @tarkadia.

New Contributors

A warm welcome to three first-time contributors this week:

• @celalunalp — kicked off the CBDDO and DoW ZT-OT framework groundwork.
• @rush2ranvijay — fixed filtered asset export to honor list filters.
• @zdenek-pergl — extended the Czech translation across Risk, BIA, GDPR, and Assets.

For full details, check out the v3.16.2 release notes on GitHub.