CISO Assistant
© intuitem, 2018-2024

Getting your custom framework


Last updated 3 months ago

CISO Assistant allows you to manage your custom frameworks. The format is a text-based YAML file that you can customize, but it can be tricky to maintain and debug. To make this easier, we've introduced a simpler approach: converting Excel sheets using the convert_library.py utility available in the /tools directory at the repository root.

Structure

The first thing to consider is structuring your requirements into a hierarchy, as illustrated in the example above. Most standards, frameworks, and law documents are already organized this way. This is the depth concept, and CISO Assistant has been tested with nodes up to the 8th level of depth (documents beyond 6 are mostly hard to read anyway).

The other vital aspect to think about is which items are actually assessable. For instance, the categories, sections, and subsections exist for organization and therefore won't be assessable, unlike the requirements.

Here is what a standard file should look like accordingly:

This is taken from the sample file available under /tools/sample/sample.xlsx and can be used as a reference.

Implementation groups are an optional argument that can be used to create subsets of the requirements per level or scope of applicability. They can be combined or isolated depending on the framework structure.

File conversion steps

  1. Clone the repo and make sure you are at its root.

  2. Make sure you have Python installed (including pip); version 3.11 or higher is recommended.

  3. cd to /tools.

  4. Run pip install -r requirements.txt to install the script dependencies.

  5. Copy the sample directory, including the file within, to a new directory at the same level, for instance, myframework/my-custom-framework.xlsx.

  6. Edit the first tab (library_content) to describe your framework metadata.

    1. Implementation groups and score descriptions are optional, so if they don't apply, you can simply remove those lines.

  7. Edit the Excel sheet according to the expected hierarchy.

    1. The order of the items is essential and will be used to build the tree in CISO Assistant, so make sure you're following the previously described structure.

  8. From the tools folder, run python3 convert_library.py myframework/my-custom-framework.xlsx to generate the YAML file. If a mandatory field is missing, you'll get an error explaining the issue.

  9. If everything is good, you'll get a message confirming the generation of the file myframework/my-custom-framework.yaml.
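
A pre-flight check for the ordering rule in step 7 and the depth and assessable concepts from the Structure section, added here as an example; it is not part of CISO Assistant or convert_library.py. The row keys (depth, assessable, ref_id) and the checks themselves are assumptions made for illustration, and the sample rows are constructed.

```python
# Added example: sanity-check ordered framework rows before running the converter.
# The keys "depth", "assessable" and "ref_id" are assumed names, not the tool's schema.
MAX_TESTED_DEPTH = 8  # the guide says nodes were tested up to the 8th level

def check_hierarchy(rows):
    """Return (problems, parents); parents maps a row index to its parent's index."""
    problems, parents, stack = [], {}, []  # stack[d-1] is the open node at depth d
    for i, row in enumerate(rows):
        label = row.get("ref_id") or f"row {i + 1}"
        depth = row.get("depth")
        if isinstance(depth, bool) or not isinstance(depth, int) or depth < 1:
            problems.append(f"{label}: depth must be a positive integer")
            continue
        if depth > MAX_TESTED_DEPTH:
            problems.append(f"{label}: depth {depth} exceeds the tested limit")
        if depth > len(stack) + 1:
            problems.append(f"{label}: depth jumps from {len(stack)} to {depth}, no parent row")
            continue
        del stack[depth - 1:]  # close the previous sibling and anything deeper
        parents[i] = stack[-1] if stack else None
        stack.append(i)
    # Heuristic of this example: a node with children is normally organisational.
    for i in sorted({p for p in parents.values() if p is not None}):
        if rows[i].get("assessable"):
            label = rows[i].get("ref_id") or f"row {i + 1}"
            problems.append(f"{label}: assessable but has child items, review")
    if rows and not any(r.get("assessable") for r in rows):
        problems.append("no assessable item: nothing could be audited")
    return problems, parents

SAMPLE_ROWS = [  # constructed sample, not taken from sample.xlsx
    {"depth": 1, "assessable": False, "ref_id": "A"},
    {"depth": 2, "assessable": False, "ref_id": "A.1"},
    {"depth": 3, "assessable": True, "ref_id": "A.1.1"},
    {"depth": 3, "assessable": True, "ref_id": "A.1.2"},
    {"depth": 1, "assessable": False, "ref_id": "B"},
    {"depth": 3, "assessable": True, "ref_id": "B.1.1"},  # its depth-2 section is missing
]

if __name__ == "__main__":
    found, tree = check_hierarchy(SAMPLE_ROWS)
    for line in found:
        print("PROBLEM:", line)
    print("parent of each placed row:", tree)
```
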

Importing

  1. Open CISO Assistant. On the side menu, go to Governance/Libraries, then to the Libraries store tab.

  2. Scroll down to the Upload your own library section and select your file.

  3. If the file is consistent and correct, you'll get a confirmation and the framework will appear directly among your imported frameworks under the Compliance/Frameworks section.

Testing your custom framework

We have simplified the steps for testing custom frameworks starting with version 1.3.4, where you can experiment with the same flexibility on both the on-premises and SaaS versions.

NEW: Full guide (French)
