Open source GRC platform for risk, compliance, audit, privacy, and reporting
Other
- Python
- Svelte
- TypeScript

About CISO Assistant
CISO Assistant is an open source GRC platform for cybersecurity teams that need a central place for risk management, AppSec, compliance and audit, third-party risk, business impact analysis, privacy, and reporting. It is built to reduce tool fragmentation and data duplication by linking security concepts in one system.
It uses smart linking between objects, an API-first design, and an open format for custom objects and frameworks. Built-in workflows cover risk assessment and remediation tracking, with import and export across the UI, CLI, Kafka, and reports. It ships 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, NIS2, DORA, and GDPR, and you can add your own from Excel or YAML.
The community edition is released under AGPLv3, while Pro and Enterprise are commercial. It runs with Docker and Docker Compose on your own infrastructure using SQLite or PostgreSQL, and a hosted cloud free trial is available. It is maintained by intuitem.
Key features
- Smart linking between cybersecurity objects
- Built-in risk assessment and remediation tracking
- 150+ frameworks with automatic control mapping
- Custom frameworks loaded from Excel or YAML
- Import and export via UI, CLI, Kafka, and reports
Details
- On GitHub since: 2023
- Standards: ISO 27001, NIST CSF, SOC 2, NIS2
- Frameworks: 150+ with control mapping
- Database: SQLite or PostgreSQL
- Self-hosted: Docker and Docker Compose
- License: AGPLv3 community edition
