Getting your custom framework
Last updated
Last updated
© intuitem, 2018-2024
CISO Assistant allows you to manage your custom frameworks. The format is a text-based YAML file that you can customize, but it can be tricky to maintain and debug. To manage this, we've introduced a simpler approach to convert Excel sheets using the convert_library.py
utility available at the /tools
of the Github repository root.
The first thing to consider is structuring your requirements into a hierarchy, as illustrated in the example above. Most standards, frameworks, and law documents are already organized this way. This is the depth concept and CISO Assistant has been tested with nodes up to the 8th level depth (documents beyond 6 are mostly hard to read anyway)
Then, the other vital aspect to think about will be which items are actually assessable. For instance, the categories, sections, and subsections are for organization and, therefore, won't be assessable unlike the requirements.
Here is what a standard file should look like accordingly:
This is taken from the sample file available under /tools/sample/sample.xlsx
and can be used as a reference.
Implementation groups are an optional argument that can be used to create subset of the requirements per level or a scope of applicability. They can be combined or isolated depending on the framework structure.
Clone the repo and make sure you are at its root
Make sure you have Python installed (including pip), version 3.11 or higher is recommended
cd to /tools
run
pip install -r requirements.txt
to install the script dependencies
copy the sample directory, including the file within, to a new directory at the same level, for instance, myframework/my-custom-framework.xlsx
Edit the first tab (library_content
) to describe your framework metadata
Implementation groups and score descriptions are optional, so if they don't apply, you can simply remove lines
Edit the Excel sheet according to the expected hierarchy.
The order of the items is essential and will be used to build the tree on CISO Assistant. So make sure you're following the previously described structure
From the tools folder, run
python3 convert_library.py myframework/my-custom-framework.xlsx
to generate the yaml file, if a mandatory field is missing, you'll get an error explaining the issue.
If everything is good, you'll get a message confirming the generation of the file generating myframework/my-custom-framework.yaml
Open CISO Assistant. On the side menu, go to Extra/Libraries
then to the Libraries store
tab
Scroll down to get to Upload your own library
section and select your file.
If the file is consistent and correct, you'll get a confirmation and it will get straight ahead to your imported frameworks under Compliance/Frameworks
section
We have simplified the steps of testing custom frameworks starting version 1.3.4 where you can experiment with the same flexibility for both on-premises and SaaS version: \