· intuitem · News  · 4 min read

What's New in CISO Assistant — Week 20, 2026 (v3.16.2)

v3.16.2 brings two new framework libraries (EU CER directive, UK Defence Standard 05-138), an experimental UI mode for asset creation, a specialized wizard for customer questionnaire prefill, the start of CBDDO and DoW ZT-OT framework support, plus a healthy round of audit performance work, mapping engine fixes, and i18n improvements.

v3.16.2 brings two new framework libraries (EU CER directive, UK Defence Standard 05-138), an experimental UI mode for asset creation, a specialized wizard for customer questionnaire prefill, the start of CBDDO and DoW ZT-OT framework support, plus a healthy round of audit performance work, mapping engine fixes, and i18n improvements.

After a quiet W19, this week brings v3.16.2 — a single release packed with new framework libraries, two experimental UX flows, audit performance improvements, and a satisfying batch of fixes across mappings, filters, and i18n.

Headline Features

  • Experimental UI mode to create and link assets — A new in-place flow for spinning up assets and linking them as you work, joining the growing set of experimental UX tracks.
  • Specialized wizard for customer questionnaire prefill — A guided wizard that streamlines prefilling customer questionnaires, reducing the manual back-and-forth that typically dominates this workflow.
  • Folder tree — writable permission handling — Folder tree selection now honors writable permissions, so users only see destinations they can actually write to. Thanks to @tchoumi313.

Framework & Library Updates

  • 🇪🇺 EU CER Directive — The Critical Entities Resilience directive is now available as a library, complementing existing EU regulatory coverage.
  • 🇬🇧 UK Defence Standard 05-138 — The UK MOD’s cyber security for defence suppliers standard now ships as a library.
  • CBDDO and DoW ZT-OT framework preparation — Initial groundwork for the CBDDO and DoW Zero Trust / OT frameworks landed, followed by a restructuring pass. Welcome to @celalunalp for the first contribution on this track and thanks to @tarkadia for the restructure.
  • ReCyF Framework — IG fixes — Implementation group definitions on the ReCyF framework were corrected. Thanks to @tarkadia.
  • Templates — standardize on “shall” per ISO/IEC Directives Part 2 — Mandatory language in templates is now aligned with the ISO/IEC Directives Part 2 conventions. Thanks to @kriss-b.

Performance

  • Audit — aggregate-based progress — The per-row progress walk has been replaced with a single aggregate query. A meaningful win on larger audits. Thanks to @tarkadia.

Data Import & Automation

  • New record consumers + better-documented import commands — Additional record consumers landed and the data import CLI commands now ship with detailed help descriptions. Thanks to @tchoumi313.

Bug Fixes

  • Mapping engine invalidation on library load/unload — Mappings are now properly invalidated when a mapping library is loaded or unloaded, eliminating a class of stale-cache surprises. Thanks to @nas-tabchiche.
  • Governance calendar & assessment counters — folder filtering — Folder filters are now respected by the governance calendar and assessment counters. Thanks to @tchoumi313.
  • Filtered asset export honors list filters (#4046) — Asset exports now match the filters applied to the list view. Welcome to @rush2ranvijay for their first contribution.
  • Breadcrumb refresh on requirement assessment navigation — The breadcrumb now refreshes correctly as users navigate requirement assessments. Thanks to @Mohamed-Hacene.
  • Norway is a country, not a boolean — A long-standing pitfall where the country code NO was being interpreted as the string "NO" (i.e., a no/false value) is fixed. Norway is now safe.
  • Assessable parent without IG, but child has one — A 404 error in this configuration is resolved. Thanks to @monsieurswag.
  • Audit IG filter — ancestors of matching descendants now shown — When filtering by implementation group, ancestors whose own IGs don’t match are now still shown if their descendants do, restoring the expected tree view. Thanks to @nas-tabchiche.
  • HTML exports — line breaks preserved — Line breaks now survive HTML export.
  • Tasks review — better adaptive layout — The tasks review view adapts more gracefully to the available space.

Internationalization

  • 🇨🇿 Czech translation updates — Coverage extended across Risk, BIA, GDPR, and Assets. Welcome to @zdenek-pergl for their first contribution.

Testing

  • Journeys functional tests — Coverage added for the journeys feature shipped in v3.16.0–v3.16.1. Thanks to @melinoix.

CI & Developer Experience

  • pnpm pinned via pnpm/action-setup@v4 — CI now pins pnpm explicitly and hardens Playwright version detection.
  • Native Windows development experience — Working on the project on native Windows is smoother out of the box. Thanks to @tarkadia.

New Contributors

A warm welcome to three first-time contributors this week:

  • @celalunalp — kicked off the CBDDO and DoW ZT-OT framework groundwork.
  • @rush2ranvijay — fixed filtered asset export to honor list filters.
  • @zdenek-pergl — extended the Czech translation across Risk, BIA, GDPR, and Assets.

For full details, check out the v3.16.2 release notes on GitHub.

Share:
Back to Blog

Related Posts

View All Posts »
What's New in CISO Assistant — Week 18, 2026 (v3.16.1)

What's New in CISO Assistant — Week 18, 2026 (v3.16.1)

A focused v3.16.1 release: a new journeys editor, Azure Blob Storage as an alternative to S3, AI chat memory improvements, EPSS feeds, IEC 62443 outline, NIST CSF 1.1 enriched with reference controls, expanded respondent mode for third parties, and a steady stream of performance and bug fixes.

What's New in CISO Assistant — Week 17, 2026 (v3.16.0)

What's New in CISO Assistant — Week 17, 2026 (v3.16.0)

A heavy v3.16.0 release: merge applied controls, action plans for incidents, custom analytics dashboards, four new framework libraries (CNDP Morocco, OIV Air Transport, 3CF v3.1, recyf enrichment), NIST CSF 2.0 recommendations, and a long sweep of UX, performance and bug fixes.