What's New in CISO Assistant — Week 27, 2026 (v3.19.0)

The v3.19.0 minor landed on June 29 with a big slate of features headlined by SCIM provisioning, offline-ready AI, and managed portals — plus a deep round of fixes across TPRM, OIDC, exports, and translations.

Headline Features

• SCIM provisioning & IdP groups mapping — CISO Assistant now supports SCIM, automatically provisioning users from your identity provider and mapping IdP groups to roles. This brings true directory-driven access management to the platform (PR #4393, with follow-ups #4415 and #4425). Thanks to @tchoumi313.
• Offline-ready AI (breaking) — Embedding and reranker models are now pre-baked into the image so the AI assistant works fully offline. Expect a larger image size as a result (PR #4404). Thanks to @Mohamed-Hacene.
• Managed portals — A new managed portals capability for delivering scoped, externally-facing experiences (PR #4386). Thanks to @ab-smith.

Security & Access

• Admin MFA reset — Administrators can now reset another user’s MFA, smoothing recovery when someone loses access to their authenticator (PR #4270). Thanks to @tchoumi313.
• Stronger OIDC state & nonce — Increased the length of the OIDC state and nonce values for better protection against replay and CSRF-style attacks (PR #4411). Thanks to @tchoumi313.

New Features

• Manual implementation groups on dynamic frameworks — Implementation groups can now be set manually on dynamic frameworks (PR #4391). Thanks to @Mohamed-Hacene.
• Disable the “partially compliant” option — Admins can now turn off the partially-compliant assessment result for stricter scoring (PR #4421). Thanks to @ab-smith.
• Optional collection creation for PMBOK projects — Collection creation is now optional when starting new projects, alongside a collection-code refactor (PR #4413). Thanks to @ab-smith.

Integrations & Exports

• Richer audit/framework Excel exports — Excel exports now include typical evidence and annotations (PR #4414). Thanks to @Mohamed-Hacene.
• CSV export encoding — Fixed encoding issues in CSV exports (PR #4410). Thanks to @Mohamed-Hacene.
• FORCE_CREATE_ADMIN with existing user — FORCE_CREATE_ADMIN now works even if the user is already defined (PR #4376). Thanks to @eric-intuitem.

Performance

• Faster mapping list — Resolved slowness when loading the mapping list (PR #4380). Thanks to @Axxiar.

Internationalization & Accessibility

• Czech localization — A complete update of the Czech translation (PR #4389). Thanks to @zdenek-pergl.
• Italian to 100% — Italian translation completed to full coverage (PR #4403). Thanks to @pnatale.
• Accessibility tags recovered — Restored missing tags for accessibility (PR #4398). Thanks to @ab-smith.
• Library converter translations — Fixed missing question translations in convert_library_v2.py (PR #4412). Thanks to @tarkadia.
• Audit framework-name translation — Corrected a wrong Framework Name translation in the Audit Summary and Audit List (PR #4416). Thanks to @tarkadia.

Bug Fixes

• TPRM respondent permissions — Third-party respondents can no longer edit evidence status (PR #4420). Thanks to @tchoumi313.
• DORA evaluation labels — Fixed DORA evaluation fields showing raw codes in the solution detail view (PR #4409). Thanks to @Axxiar.
• Qualitative metrics choices — Restored the missing display of choice definitions in qualitative metrics definitions (PR #4402). Thanks to @Axxiar.
• User expiry editing — Allowed the expiring date to be in the past when editing a user, and fixed expiration to fall on the next day (PRs #4401, #4374). Thanks to @Axxiar and @eric-intuitem.
• Broken links in tables and findings — Prevented undefined links in modelTable cells (PR #4400) and fixed broken /undefined/<id> links on the finding detail page (PR #4424). Thanks to @tarkadia and @tpujolalan.

Welcome to new contributors @pnatale and @tpujolalan, who made their first contributions in this release. For full details, check out the v3.19.0 release notes on GitHub.