CISO Assistant

v1.0.0 · Security · stable

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS,

audit, automation, bsi, cis, compliance
Stars: 4,060
Downloads: 0
Weekly: 0
0/5

What is CISO Assistant?

CISO Assistant is a Model Context Protocol (MCP) server for AI assistants like Claude, Cursor, and VS Code.

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS,

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.


Use Cases

GRC platform for risk management and compliance
Support 150+ global frameworks with automatic mapping
Maintainer: intuitem

License: NOASSERTION
Language: python
Version: v1.0.0
Updated: May 21, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, windows, macos, linux

Installation

Manual Installation

npx ciso-assistant-community

Configuration

Configuration Details

Config File: claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use CISO Assistant

CISO Assistant Community is an open-source GRC (Governance, Risk & Compliance) platform that provides a single place for risk management, compliance auditing, AppSec, third-party risk (TPRM), business impact analysis (BIA), privacy management, and reporting — all backed by support for 119+ global frameworks including ISO 27001, NIST CSF, SOC 2, PCI DSS 4.0.1, GDPR, NIS2, DORA, CMMC v2, HIPAA, and EU AI Act with automatic control mapping between them. Security teams and CISOs use it to replace spreadsheet-based compliance tracking with a structured, API-first platform that connects risk findings to controls to evidence, and generates audit-ready reports. The community edition is free and self-hostable under AGPLv3.

Prerequisites

  • Docker and Docker Compose installed (recommended deployment method)
  • For production: PostgreSQL database and an SMTP server for email notifications
  • For development: Python 3.14+, Node.js 24+, uv 0.9+, pnpm
  • An MCP-compatible client such as Claude Desktop
  • At least 2 GB RAM for the Docker deployment

1. Clone the repository

Clone the ciso-assistant-community repository. The quick-start Docker Compose setup is the recommended path for evaluation and production.

git clone --single-branch -b main https://github.com/intuitem/ciso-assistant-community.git
cd ciso-assistant-community

2. Start with Docker Compose

Run the provided startup script for your OS. It builds the images and starts the backend (Django), frontend (SvelteKit), and SQLite database. On first run it will prompt you to set an admin email and password.

# Linux / macOS
./docker-compose.sh

# Windows PowerShell
.\docker-compose.ps1

3. Access the web interface

Open your browser to the CISO Assistant frontend. The default URL after the Docker Compose startup is localhost:5173.

open http://localhost:5173

4. Configure production environment variables

For production deployments, set the required environment variables. At minimum set DJANGO_SECRET_KEY and CISO_ASSISTANT_URL. For PostgreSQL instead of SQLite, also set the POSTGRES_* variables.

export DJANGO_SECRET_KEY=your-long-random-secret
export CISO_ASSISTANT_URL=https://ciso.yourdomain.com
export POSTGRES_NAME=ciso
export POSTGRES_USER=ciso
export POSTGRES_PASSWORD=securepassword
export DB_HOST=postgres

5. Import a compliance framework

Log in as admin, navigate to Frameworks, and import one of the 119+ bundled frameworks (e.g., ISO 27001:2022). CISO Assistant automatically maps controls across overlapping frameworks.

6. Add CISO Assistant as an MCP server

Configure your MCP client to connect to the CISO Assistant MCP endpoint for AI-assisted risk and compliance queries.

{
  "mcpServers": {
    "ciso-assistant": {
      "command": "npx",
      "args": ["ciso-assistant-community"]
    }
  }
}
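
A preflight check for the production variables in step 4, written for this guide as an added example (it is not part of the CISO Assistant project). The function names `gen_secret` and `check_env` are hypothetical, the rejected literals are the sample values shown above, and the HTTPS requirement is an assumption about production deployments.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the production variables from step 4.
# The rejected literals are the sample values printed on this page.

gen_secret() {
  # 48 random bytes encode to 64 base64 characters on a single line.
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

check_env() {
  # Prints one line per finding; returns 0 only when there are none.
  local problems=0
  local key="${DJANGO_SECRET_KEY:-}"

  # Django's deploy check (security.W009) warns on keys under 50 characters.
  if [ "${#key}" -lt 50 ] || [ "$key" = "your-long-random-secret" ]; then
    echo "DJANGO_SECRET_KEY: unset, sample value, or under 50 characters"
    problems=$((problems + 1))
  fi

  # Assumption: a production deployment is served over HTTPS.
  case "${CISO_ASSISTANT_URL:-}" in
    https://ciso.yourdomain.com)
      echo "CISO_ASSISTANT_URL: still the sample value"
      problems=$((problems + 1)) ;;
    https://?*) ;;
    *)
      echo "CISO_ASSISTANT_URL: unset or not an https:// URL"
      problems=$((problems + 1)) ;;
  esac

  # POSTGRES_* only matters when PostgreSQL replaces SQLite.
  if [ -n "${POSTGRES_NAME:-}" ]; then
    case "${POSTGRES_PASSWORD:-}" in
      ""|securepassword)
        echo "POSTGRES_PASSWORD: empty or still the sample value"
        problems=$((problems + 1)) ;;
    esac
  fi

  [ "$problems" -eq 0 ]
}

# Typical use before running the startup script:
#   export DJANGO_SECRET_KEY="$(gen_secret)"
#   check_env || exit 1
```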

CISO Assistant Examples

Client configuration

MCP client configuration to connect an AI assistant to CISO Assistant Community.

{
  "mcpServers": {
    "ciso-assistant": {
      "command": "npx",
      "args": ["ciso-assistant-community"]
    }
  }
}

Prompts to try

Sample prompts for using an AI assistant with CISO Assistant data.

- "What ISO 27001:2022 controls are mapped to NIST CSF PR.AC-1?"
- "Show me all open risks with a severity of High or Critical"
- "Which compliance gaps do we have against PCI DSS 4.0.1 requirement 6?"
- "Generate a summary of our SOC 2 audit readiness status"
- "List third-party vendors with overdue risk assessments"

Troubleshooting CISO Assistant

Docker Compose startup fails with port already in use

The default setup uses ports 5173 (frontend) and 8000 (backend). Stop any process using those ports (`lsof -i :5173`) or edit the docker-compose.yml to map different host ports before running the startup script.

Admin account creation prompt does not appear on first run

Run `docker compose exec backend python manage.py createsuperuser` inside the running container to manually create the first admin account.

Framework import returns validation errors

Ensure you are importing an official framework YAML from the repository's `backend/library/libraries/` directory. Custom framework files must follow the documented CISO Assistant library syntax — check the Gitbook documentation at intuitem.gitbook.io/ciso-assistant.

Frequently Asked Questions about CISO Assistant

What is CISO Assistant?

CISO Assistant is a Model Context Protocol (MCP) server for a one-stop-shop GRC platform covering Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, and PCI DSS. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install CISO Assistant?

Follow the installation instructions on the CISO Assistant GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with CISO Assistant?

CISO Assistant works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is CISO Assistant free to use?

Yes, CISO Assistant is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.

CISO Assistant Alternatives — Similar Security Servers

Looking for alternatives to CISO Assistant? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{
  "mcpServers": {
    "ciso-assistant-community": {
      "command": "npx",
      "args": ["-y", "ciso-assistant-community"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
