· intuitem · News · 4 min read
What's New in CISO Assistant — Week 28, 2026 (v3.19.2)
A feature-rich patch: a reworked risk acceptance workflow, the NCA ECC-2:2024 framework, evidence on data breaches, expanded document management, ServiceNow asset sync, broader audit-log coverage, Slovak localization, and a long list of fixes.
The v3.19.2 patch landed on July 10 and, despite the point-release label, it packs a lot: a reworked risk acceptance workflow, a new regulatory framework, evidence support on data breaches, expanded document management, and a deep round of integrations, i18n, and bug fixes.
Headline Features
- Reworked risk acceptance workflow — The risk acceptance flow has been overhauled for a clearer, more robust approval experience (PR #4419). Thanks to @Mohamed-Hacene.
- NCA ECC-2:2024 framework — Added the Saudi National Cybersecurity Authority’s Essential Cybersecurity Controls (ECC-2:2024) as a built-in framework (PR #4378). Thanks to @smakarim.
- Expanded document management — A broad epic expanding CISO Assistant’s document management capabilities (PR #4458). Thanks to @ab-smith.
New Features
- Evidence on data breaches — Data breach records can now carry attached evidence (PR #4455). Thanks to @ab-smith.
- Extra options on findings tracking & exception status — More control over findings tracking and the status of exceptions (PR #4463). Thanks to @ab-smith.
- Autologin page — A new autologin page to streamline authentication flows (PR #4453). Thanks to @eric-intuitem.
- More customization on GDPR processings — Additional customization options for GDPR processing records (PR #4477). Thanks to @ab-smith.
- Column selection on nested action plans — Choose which columns are shown in nested action plan views (PR #4495). Thanks to @ab-smith.
Integrations & Data Wizard
- ServiceNow asset sync — Integrations now support asset synchronization, with the ServiceNow schema cached via startup warming and a manual refresh option (PR #4362). Thanks to @nas-tabchiche.
- Import/Export representatives — Representatives can now be imported and exported through the Data Wizard (PR #4456). Thanks to @tarkadia.
- Task template import — Added task template import functionality to both the Data Wizard and the CLI (PR #4487). Thanks to @tchoumi313.
Security & Audit
- Broader audit-log coverage — The audit log now covers settings changes and additional object types for a more complete activity trail (PR #4490). Thanks to @ab-smith.
Internationalization
- Slovak localization — Added Slovak as a supported language (PR #4467). Thanks to @datasecsro.
- Confirmation word in sensitive-operation modals — Sensitive-operation confirmation modals now honor the translated confirmation word (PR #4466). Thanks to @ab-smith.
- Contract translations & log redirections — Multiple translation fixes around contracts and the new logs redirection pattern (PR #4482). Thanks to @ab-smith.
Bug Fixes
- Jira field mapping on self-hosted 9+ — Fixed broken field mapping on self-hosted Jira 9 and later (PR #4449). Thanks to @Mohamed-Hacene.
- Mapping set framework names — Resolved incorrect framework names for non-imported frameworks in mapping sets (PR #4459). Thanks to @nas-tabchiche.
- Non-ASCII export filenames — Better handling of non-ASCII characters in filenames during export (PR #4464). Thanks to @ab-smith.
- Portal file names preserved — External files for portals now keep their original filename and extension (PR #4484). Thanks to @ab-smith.
- Action plan PDF cost — Fixed missing cost in the action plan PDF export (PR #4465). Thanks to @ab-smith.
- Empty REF_ID rejected — Qualitative metric choices now reject an empty
REF_IDon both create and update (PR #4437). Thanks to @mvanhorn. - Unlinking the last Evidence label — Fixed a case where the last remaining label could not be unlinked from an Evidence (PR #4447). Thanks to @tchoumi313.
- Multi-value risk-level filtering — Restored multi-value filtering on risk
current_levelandresidual_level(PR #4436). Thanks to @tchoumi313. - Feared events table — Aligned the feared events nested table to the standard pattern and surfaced entity labels (PR #4446). Thanks to @ab-smith.
- EBIOS RM improvements — Multiple UI improvements on EBIOS RM (PR #4492). Thanks to @ab-smith.
- Preset editor edit page — Fixed the preset editor edit page (PR #4486). Thanks to @Mohamed-Hacene.
- Exceptions adjustments — A round of adjustments to the exceptions handling (PR #4478). Thanks to @Mohamed-Hacene.
- Report template overrides (Pro) — Fixed edge cases with document report template overrides (PR #4493). Thanks to @ab-smith.
- UI glitches — Cleaned up multiple UI glitches across the app (PR #4488). Thanks to @ab-smith.
Welcome to new contributors @datasecsro, @mvanhorn, @Totara-thib, and @thomasboni, who made their first contributions in this release. For full details, check out the v3.19.2 release notes on GitHub.