CISO Assistant
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS,
What is CISO Assistant?
CISO Assistant is a Model Context Protocol (MCP) server that connects AI assistants like Claude, Cursor, and VS Code to CISO Assistant, a one-stop-shop GRC platform for risk management, AppSec, compliance & audit, TPRM, BIA, privacy, and reporting.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx ciso-assistant-community
How to Set Up and Use CISO Assistant
CISO Assistant Community is an open-source GRC (Governance, Risk & Compliance) platform that provides a single place for risk management, compliance auditing, AppSec, third-party risk (TPRM), business impact analysis (BIA), privacy management, and reporting — all backed by support for 119+ global frameworks including ISO 27001, NIST CSF, SOC 2, PCI DSS 4.0.1, GDPR, NIS2, DORA, CMMC v2, HIPAA, and EU AI Act with automatic control mapping between them. Security teams and CISOs use it to replace spreadsheet-based compliance tracking with a structured, API-first platform that connects risk findings to controls to evidence, and generates audit-ready reports. The community edition is free and self-hostable under AGPLv3.
Prerequisites
- Docker and Docker Compose installed (recommended deployment method)
- For production: PostgreSQL database and an SMTP server for email notifications
- For development: Python 3.14+, Node.js 24+, uv 0.9+, pnpm
- An MCP-compatible client such as Claude Desktop
- At least 2 GB RAM for the Docker deployment
Clone the repository
Clone the ciso-assistant-community repository. The quick-start Docker Compose setup is the recommended path for evaluation and production.
git clone --single-branch -b main https://github.com/intuitem/ciso-assistant-community.git
cd ciso-assistant-community
Start with Docker Compose
Run the provided startup script for your OS. It builds the images and starts the backend (Django), frontend (SvelteKit), and SQLite database. On first run it will prompt you to set an admin email and password.
# Linux / macOS
./docker-compose.sh
# Windows PowerShell
.\docker-compose.ps1
Access the web interface
Open your browser to the CISO Assistant frontend. The default URL after the Docker Compose startup is localhost:5173.
open http://localhost:5173
Configure production environment variables
For production deployments, set the required environment variables. At minimum set DJANGO_SECRET_KEY and CISO_ASSISTANT_URL. For PostgreSQL instead of SQLite, also set the POSTGRES_* variables.
export DJANGO_SECRET_KEY=your-long-random-secret
export CISO_ASSISTANT_URL=https://ciso.yourdomain.com
export POSTGRES_NAME=ciso
export POSTGRES_USER=ciso
export POSTGRES_PASSWORD=securepassword
export DB_HOST=postgres
Import a compliance framework
Log in as admin, navigate to Frameworks, and import one of the 119+ bundled frameworks (e.g., ISO 27001:2022). CISO Assistant automatically maps controls across overlapping frameworks.
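For the production environment variables step above, a preflight check helps because the sample values shown (your-long-random-secret, securepassword, yourdomain.com) are placeholders that should never reach a deployment. The shell functions below are an added example, not part of CISO Assistant or the original page; the function names, the placeholder list and the 50-character minimum (the length below which Django's deployment check warns about SECRET_KEY) are this example's assumptions.

```shell
#!/bin/sh
# Added example: generate secrets and reject placeholder production settings.
# Variable names come from the page; thresholds and names are assumptions.

gen_secret() {
    # 48 bytes from the kernel CSPRNG, base64-encoded to 64 characters
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

check_ciso_env() {
    problems=0
    fail() { echo "FAIL: $1" >&2; problems=$((problems + 1)); }

    # Secret key: must be set, not a copied placeholder, and long enough
    case "${DJANGO_SECRET_KEY:-}" in
        ''|your-long-random-secret|changeme)
            fail "DJANGO_SECRET_KEY is unset or a placeholder" ;;
        *)
            [ "${#DJANGO_SECRET_KEY}" -ge 50 ] ||
                fail "DJANGO_SECRET_KEY is shorter than 50 characters" ;;
    esac

    # Public URL: require TLS and reject the documentation host
    case "${CISO_ASSISTANT_URL:-}" in
        https://*yourdomain.com*)
            fail "CISO_ASSISTANT_URL still uses the placeholder host" ;;
        https://?*) : ;;
        *)  fail "CISO_ASSISTANT_URL must be an https:// URL" ;;
    esac

    # Database password: only checked when PostgreSQL is configured
    if [ -n "${DB_HOST:-}" ]; then
        case "${POSTGRES_PASSWORD:-}" in
            ''|securepassword|password|"${POSTGRES_USER:-}")
                fail "POSTGRES_PASSWORD is unset, a placeholder, or the user name" ;;
        esac
    fi

    # Succeed only when nothing was flagged
    [ "$problems" -eq 0 ]
}

# Usage: export DJANGO_SECRET_KEY="$(gen_secret)"; check_ciso_env && ./docker-compose.sh
```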
Add CISO Assistant as an MCP server
Configure your MCP client (for example in claude_desktop_config.json or .cursor/mcp.json) to connect to the CISO Assistant MCP endpoint for AI-assisted risk and compliance queries.
{
  "mcpServers": {
    "ciso-assistant": {
      "command": "npx",
      "args": ["ciso-assistant-community"]
    }
  }
}
CISO Assistant Examples
Client configuration
MCP client configuration to connect an AI assistant to CISO Assistant Community.
{
  "mcpServers": {
    "ciso-assistant": {
      "command": "npx",
      "args": ["ciso-assistant-community"]
    }
  }
}
Prompts to try
Sample prompts for using an AI assistant with CISO Assistant data.
- "What ISO 27001:2022 controls are mapped to NIST CSF PR.AC-1?"
- "Show me all open risks with a severity of High or Critical"
- "Which compliance gaps do we have against PCI DSS 4.0.1 requirement 6?"
- "Generate a summary of our SOC 2 audit readiness status"
- "List third-party vendors with overdue risk assessments"
Troubleshooting CISO Assistant
Docker Compose startup fails with port already in use
The default setup uses ports 5173 (frontend) and 8000 (backend). Stop any process using those ports (`lsof -i :5173`) or edit the docker-compose.yml to map different host ports before running the startup script.
Admin account creation prompt does not appear on first run
Run `docker compose exec backend python manage.py createsuperuser` inside the running container to manually create the first admin account.
Framework import returns validation errors
Ensure you are importing an official framework YAML from the repository's `backend/library/libraries/` directory. Custom framework files must follow the documented CISO Assistant library syntax — check the Gitbook documentation at intuitem.gitbook.io/ciso-assistant.
Frequently Asked Questions about CISO Assistant
What is CISO Assistant?
CISO Assistant is a Model Context Protocol (MCP) server for CISO Assistant, a one-stop-shop GRC platform for risk management, AppSec, compliance & audit, TPRM, BIA, privacy, and reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, and PCI DSS. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install CISO Assistant?
Follow the installation instructions on the CISO Assistant GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with CISO Assistant?
CISO Assistant works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is CISO Assistant free to use?
Yes. The community edition of CISO Assistant is open source, free and self-hostable under AGPLv3. You can use it in both personal and commercial projects, subject to the AGPLv3 terms.
CISO Assistant Alternatives — Similar Security Servers
Looking for alternatives to CISO Assistant? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u