// the find

intuitem/ciso-assistant-community

★ 4,130 · Python · NOASSERTION · updated Jun 2026

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

CISO Assistant is a Django + SvelteKit GRC platform for managing compliance assessments, risk, and audits across 150+ security frameworks. It's aimed at security teams and CISOs who need to run ISO 27001, NIST CSF, SOC 2, DORA, and similar assessments without buying Archer or ServiceNow. Self-hostable via Docker, with a commercial SaaS tier.

The framework library is genuinely impressive — 150+ frameworks loaded as YAML/Excel with automatic cross-framework control mapping, meaning you can assess against ISO 27001 and NIST CSF simultaneously without duplicating work. The decoupling of compliance assessments from underlying controls is the right architectural call and saves real hours in multi-framework audits. API-first design with Swagger docs and a working n8n integration node means it can slot into existing automation pipelines. Test coverage is solid: separate backend API tests, frontend unit tests, and full Playwright functional tests all running in CI.

The framework breadth is a liability as much as an asset — 150+ frameworks means the quality of individual framework implementations is hard to audit and community contributions vary wildly. The LLM/AI chat feature (Qdrant RAG, agentic workflows) feels bolted on rather than integrated — it lives in a separate `chat` module with its own index management commands, and the README buries it in a single line. AGPL v3 licensing with a commercial enterprise tier in the same monorepo creates adoption friction for any company with legal review, since the boundary between CE and EE features isn't always obvious from the outside. Windows development is marked experimental and requires MSYS2 with manual PATH surgery — not a great signal for teams where developers don't all run Linux.
