# CISO Assistant

## CISO Assistant

- [Welcome to CISO Assistant](https://intuitem.gitbook.io/ciso-assistant/readme.md): This is CISO Assistant documentation. You'll find advice on how to get started, and details on our vision of risk and compliance assessment.
- [Installation](https://intuitem.gitbook.io/ciso-assistant/guide/installation.md): Docker Compose or Helm for Kubernetes
- [Understanding decoupling](https://intuitem.gitbook.io/ciso-assistant/guide/understanding-decoupling.md)
- [General tips](https://intuitem.gitbook.io/ciso-assistant/guide/general-tips.md)
- [Journeys](https://intuitem.gitbook.io/ciso-assistant/guide/journeys.md)
- [Creating your first perimeter](https://intuitem.gitbook.io/ciso-assistant/guide/creating-your-first-perimeter.md): Small tutorial to learn how to create your first perimeter and be prepared for risk and compliance assessment
- [Creating your first Audit](https://intuitem.gitbook.io/ciso-assistant/guide/creating-your-first-audit.md): Small tutorial to learn how to create your first compliance assessment
- [Creating your first risk assessment](https://intuitem.gitbook.io/ciso-assistant/guide/creating-your-first-risk-assessment.md): Small tutorial to learn how to create your first compliance assessment
- [Overview](https://intuitem.gitbook.io/ciso-assistant/guide/overview.md): Manage your assessments over time
- [Extra tools](https://intuitem.gitbook.io/ciso-assistant/guide/extra-tools.md): Some useful tools for following up assessments
- [External resources](https://intuitem.gitbook.io/ciso-assistant/guide/external-resources.md): Community supported content
- [Understand mapping](https://intuitem.gitbook.io/ciso-assistant/guide/understand-mapping.md): Main concepts of the mapping feature
- [Glossary](https://intuitem.gitbook.io/ciso-assistant/guide/glossary.md)
- [Data import wizard](https://intuitem.gitbook.io/ciso-assistant/guide/data-import-wizard.md): Guidelines on data import format
- [Notifications](https://intuitem.gitbook.io/ciso-assistant/guide/notifications.md): CISO Assistant can send you email notifications to keep you informed about deadlines, assignments, and status changes.
- [Controls autosuggestion](https://intuitem.gitbook.io/ciso-assistant/features-focus/controls-autosuggestion.md)
- [Multi-level support](https://intuitem.gitbook.io/ciso-assistant/features-focus/multi-level-support.md): Through implementation groups
- [Flash mode](https://intuitem.gitbook.io/ciso-assistant/features-focus/flash-mode.md): Establishing a security posture in flashcards mode
- [Evidences from clipboard](https://intuitem.gitbook.io/ciso-assistant/features-focus/evidences-from-clipboard.md): Productivity tips series
- [Library upgrade](https://intuitem.gitbook.io/ciso-assistant/features-focus/library-upgrade.md)
- [Library clean-up](https://intuitem.gitbook.io/ciso-assistant/features-focus/library-clean-up.md): How to delete/remove a loaded library
- [Mapping explorer](https://intuitem.gitbook.io/ciso-assistant/features-focus/graph-explorer.md)
- [SSO](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso.md): Configure Single Sign-On with different SAML or OpenID Connect providers
- [SAML](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/saml.md)
- [OpenID Connect (OIDC)](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/openid-connect-oidc.md)
- [Identity providers](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers.md)
- [Microsoft Entra ID](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/microsoft-entra-id.md): Configure Microsoft Entra ID as an Identity Provider for CISO Assistant
- [Okta](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/okta.md): Configure Okta as an Identity Provider for CISO Assistant
- [Google Workspace](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/google-workplace.md): Configure Google Workspace as an Identity Provider for CISO Assistant
- [Keycloak](https://intuitem.gitbook.io/ciso-assistant/features-focus/sso/identity-providers/keycloak.md): Configure Keycloak as an Identity Provider for CISO Assistant
- [Setting up Multi-Factor Authentication (MFA)](https://intuitem.gitbook.io/ciso-assistant/features-focus/setting-up-multi-factor-authentication-mfa.md): Multi-factor authentication adds an extra layer of security to your account by requiring both your password and a time-based code when you log in.
- [Metrics](https://intuitem.gitbook.io/ciso-assistant/features-focus/metrics.md)
- [Assignments / respondent mode](https://intuitem.gitbook.io/ciso-assistant/features-focus/assignments-respondent-mode.md): Overview of the requirements dispatch mode
- [Organization](https://intuitem.gitbook.io/ciso-assistant/model/organization.md): You can find here CISO Assistant global organization. All entities will be linked to or contained within these objects.
- [Add and manage users](https://intuitem.gitbook.io/ciso-assistant/model/organization/add-and-manage-users.md)
- [User Groups](https://intuitem.gitbook.io/ciso-assistant/model/organization/user-groups.md): User groups are built-in objects giving permissions to all users inside of them, with a specific role across a scope.
- [Custom roles](https://intuitem.gitbook.io/ciso-assistant/model/organization/custom-roles.md): For fine-grained permissions management - PRO feature
- [Understanding the IAM model](https://intuitem.gitbook.io/ciso-assistant/model/organization/understanding-the-iam-model.md): Deep dive into CISO Asisstant IAM model
- [Teams](https://intuitem.gitbook.io/ciso-assistant/model/organization/teams.md)
- [Context](https://intuitem.gitbook.io/ciso-assistant/model/context.md): This is the place to define the context for risk and compliance management. All items here are optional.
- [Governance](https://intuitem.gitbook.io/ciso-assistant/model/governance.md): You will set here documents and items that are used as a basis for assessments.
- [Risk](https://intuitem.gitbook.io/ciso-assistant/model/risk.md): This is where risk analyses are managed, from definition to potential acceptance.
- [Compliance](https://intuitem.gitbook.io/ciso-assistant/model/compliance.md): This is where you can carry out your compliance work based on the framework of your choice.
- [Manage extended result](https://intuitem.gitbook.io/ciso-assistant/model/compliance/manage-extended-result.md): Minor nonconformity, Major nonconformity, etc.
- [Domain export/import](https://intuitem.gitbook.io/ciso-assistant/model/domain-export-import.md)
- [Prerequisites](https://intuitem.gitbook.io/ciso-assistant/deployment/prerequisites.md)
- [Local](https://intuitem.gitbook.io/ciso-assistant/deployment/local.md): Basic setup for local deployment and experimentation
- [Docker rootless configuration](https://intuitem.gitbook.io/ciso-assistant/deployment/docker-rootless-configuration.md): Deployment documentation for rootless containers
- [Remote/Virtualization](https://intuitem.gitbook.io/ciso-assistant/deployment/remote-virtualization.md): Experimenting CISO Assistant through remote server or hypervisor
- [Deploy on a VPS](https://intuitem.gitbook.io/ciso-assistant/deployment/deploy-on-a-vps.md): Virtual Private Server - Remote internet-facing VM
- [Custom certificates](https://intuitem.gitbook.io/ciso-assistant/deployment/custom-certificates.md): How to add custom certificates for your remote installation
- [Managing Secrets](https://intuitem.gitbook.io/ciso-assistant/deployment/managing-secrets.md): This guide covers how to keep sensitive configuration (database credentials, mailer passwords, API keys) out of your docker-compose.yml.
- [Frequent questions](https://intuitem.gitbook.io/ciso-assistant/deployment/frequent-questions.md)
- [Setting up S3](https://intuitem.gitbook.io/ciso-assistant/deployment/setting-up-s3.md): How to connect your S3 block storage for your installation
- [Setting up mailer](https://intuitem.gitbook.io/ciso-assistant/deployment/setting-up-mailer.md): CISO Assistant uses SMTP to send transactional emails (password reset, superuser creation, notifications). This page covers configuration and the TLS specifics introduced in 3.16.
- [Updating your local instance](https://intuitem.gitbook.io/ciso-assistant/deployment/updating-your-local-instance.md): How to update your local instance. All docker images are available on ghcr with the specific versions matching the repo tags. The latest tag points to the most recent release for both back and front.
- [Helm Chart](https://intuitem.gitbook.io/ciso-assistant/deployment/helm-chart.md): instructions for Kubernetes installation with Helm Chart
- [Special cases](https://intuitem.gitbook.io/ciso-assistant/deployment/special-cases.md): Tips and tricks regarding specific cases
- [Upgrading a library](https://intuitem.gitbook.io/ciso-assistant/deployment/upgrading-a-library.md): getting the incremental updates of your framework, matrix or catalog
- [Windows](https://intuitem.gitbook.io/ciso-assistant/deployment/windows.md): Draft
- [Designing your own Libraries](https://intuitem.gitbook.io/ciso-assistant/customization/designing-your-own-libraries.md)
- [Getting your custom framework (v1)](https://intuitem.gitbook.io/ciso-assistant/customization/getting-your-custom-framework.md)
- [CIS Controls / Cloud Controls Matrix (CCM)](https://intuitem.gitbook.io/ciso-assistant/customization/cis-controls.md): Importing CIS Controls or CSA CCM
- [Changing the language](https://intuitem.gitbook.io/ciso-assistant/customization/changing-the-language.md): Switch the UI language
- [Internationalization](https://intuitem.gitbook.io/ciso-assistant/contributing/internationalization.md): How to contribute to CISO Assistant internationalization
- [Translating the interface](https://intuitem.gitbook.io/ciso-assistant/contributing/internationalization/translating-the-interface.md)
- [Submit a library](https://intuitem.gitbook.io/ciso-assistant/contributing/submit-a-library-framework.md): How to submit a framework, matrix or catalog to the community repository
- [00 - initial setup](https://intuitem.gitbook.io/ciso-assistant/ca-journeys/00-initial-setup.md)
- [01 - basic audit](https://intuitem.gitbook.io/ciso-assistant/ca-journeys/overview.md)
- [Third Parties Risk Management](https://intuitem.gitbook.io/ciso-assistant/ca-journeys/third-parties-risk-management.md)
- [Etude EBIOS RM](https://intuitem.gitbook.io/ciso-assistant/ca-journeys/etude-ebios-rm.md)
- [New - Cyber Risk Quantification](https://intuitem.gitbook.io/ciso-assistant/ca-journeys/new-cyber-risk-quantification.md): CRQ quick start
- [Integration overview](https://intuitem.gitbook.io/ciso-assistant/integration/integration-overview.md)
- [Generating a PAT](https://intuitem.gitbook.io/ciso-assistant/integration/generating-a-pat.md): Personal Access Token to interact with the API
- [API usage](https://intuitem.gitbook.io/ciso-assistant/integration/api-usage.md)
- [Third-party integrations](https://intuitem.gitbook.io/ciso-assistant/integration/third-party-integrations.md): Integrate CISO Assistant with third-party providers
- [Jira](https://intuitem.gitbook.io/ciso-assistant/integration/third-party-integrations/jira.md)
- [ServiceNow](https://intuitem.gitbook.io/ciso-assistant/integration/third-party-integrations/servicenow.md): ServiceNow Integration Guide
- [Outgoing webhooks](https://intuitem.gitbook.io/ciso-assistant/integration/outgoing-webhooks.md)
- [MCP setup guide](https://intuitem.gitbook.io/ciso-assistant/integration/mcp-setup-guide.md): This guide explains how to connect your AI assistant to CISO Assistant using the Model Context Protocol (MCP). Once set up, you'll be able to ask your AI to create risk assessments, manage compliance
- [GRC Summit - Luxembourg 2025](https://intuitem.gitbook.io/ciso-assistant/presentations/grc-summit-luxembourg-2025.md)
- [Prowler x CISO Assistant](https://intuitem.gitbook.io/ciso-assistant/presentations/prowler-x-ciso-assistant.md): Notes from 12/06/2025 session

## Product Docs

- [Welcome](https://intuitem.gitbook.io/ciso-assistant/product-docs/readme.md)
- [Philosophy](https://intuitem.gitbook.io/ciso-assistant/product-docs/introduction/philosophy.md)
- [Vocabulary](https://intuitem.gitbook.io/ciso-assistant/product-docs/introduction/vocabulary.md)
- [Community vs PRO](https://intuitem.gitbook.io/ciso-assistant/product-docs/introduction/editions.md): How the Community and PRO editions differ, how contributor seats are counted, and where each edition can run
- [Foundations](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/foundations.md)
- [Domains](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/foundations/domains.md)
- [Perimeters](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/foundations/perimeters.md)
- [Actors and teams](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/foundations/actors-and-teams.md): How CISO Assistant represents people, groups, and external parties for assignment and responsibility
- [IAM and scoping](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/foundations/iam-and-scoping.md): How IAM, the domain hierarchy, publication, and cross-domain visibility shape what each user sees
- [Catalog](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog.md)
- [Libraries](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/libraries.md)
- [Frameworks](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/frameworks.md)
- [Mappings](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/mappings.md): Directed graphs linking the requirements of one framework to those of another
- [Risk matrices](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/risk-matrices.md): The lookup tables that derive a risk level from probability and impact
- [Threats](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/threats.md)
- [Threat intelligence](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/threat-intel.md): Catalogued vulnerabilities, weaknesses, and the feeds that enrich them
- [Metrics](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/metrics.md)
- [Journeys](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/catalog/journeys.md): Guided, step-by-step workflows that bootstrap a domain along a recognised path
- [Assets and resilience](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/assets-and-resilience.md)
- [Assets](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/assets-and-resilience/assets.md)
- [Business impact analyses](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/assets-and-resilience/business-impact-analyses.md)
- [Operations](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/operations.md)
- [Applied controls](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/operations/applied-controls.md)
- [Tasks](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/operations/tasks.md): Recurring and one-off operational work tracked against assignees, schedules, and evidence
- [Incidents](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/operations/incidents.md): Security and operational events tracked from detection through resolution
- [Governance](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/governance.md)
- [Policies](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/governance/policies.md)
- [Findings assessments](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/governance/findings-assessments.md)
- [Validation flows](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/governance/validation-flows.md): Formal sign-off workflow that routes assessments, policies, evidence, and other artefacts through one or more approvers
- [Risk](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/risk.md)
- [Risk assessments](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/risk/risk-assessments.md)
- [EBIOS RM](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/risk/ebios-rm.md)
- [Quantitative risk studies](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/risk/quantitative-risk-studies.md)
- [Vulnerabilities](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/risk/vulnerabilities.md): Catalogued weaknesses tracked through detection, triage, and remediation
- [Compliance](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/compliance.md)
- [Audits](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/compliance/audits.md)
- [Manage extended result](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/compliance/audits/extended-results.md): Minor nonconformity, Major nonconformity, etc.
- [Evidence](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/compliance/evidence.md)
- [Specialised modules](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/specialised-modules.md)
- [Third-party risk](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/specialised-modules/third-party-risk.md)
- [Privacy register](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/specialised-modules/privacy-register.md)
- [Project management](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/specialised-modules/project-management.md)
- [Terminology](https://intuitem.gitbook.io/ciso-assistant/product-docs/concepts/specialised-modules/terminology.md): Organisation-defined labels that override the platform's defaults
- [Overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/installation.md)
- [Quick start](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/quick-start.md): Docker Compose or Helm for Kubernetes
- [Prerequisites](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/prerequisites.md)
- [Deployment methods](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods.md)
- [Local](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/local.md): Basic setup for local deployment and experimentation
- [Docker rootless configuration](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/docker-rootless.md): Deployment documentation for rootless containers
- [Remote/Virtualization](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/remote-virtualization.md): Experimenting CISO Assistant through remote server or hypervisor
- [Deploy on a VPS](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/vps.md): Virtual Private Server - Remote internet-facing VM
- [Windows](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/windows.md): Draft
- [Helm Chart](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/deployment-methods/helm-chart.md): Kubernetes installation with the official Helm chart
- [Post-install setup](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup.md)
- [Custom certificates](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/custom-certificates.md): How to add custom certificates for your remote installation
- [Managing secrets](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/managing-secrets.md): This guide covers how to keep sensitive configuration (database credentials, mailer passwords, API keys) out of your docker-compose.yml.
- [Setting up S3](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/s3.md): How to connect your S3 block storage for your installation
- [Setting up mailer](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/mailer.md): CISO Assistant uses SMTP to send transactional emails (password reset, superuser creation, notifications). This page covers configuration and the TLS specifics introduced in 3.16.
- [Prometheus metrics](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/prometheus-metrics.md): CISO Assistant exposes a /metrics endpoint in the Prometheus exposition format. This page explains how to enable it and how to access it safely from Prometheus without exposing it publicly.
- [Structured logging](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/post-install-setup/structured-logging.md): CISO Assistant can emit its operational logs as line-delimited JSON so a SIEM (Microsoft Sentinel, Azure Data Explorer, Splunk, Elastic) can ingest them without custom parsing. This page explains how
- [Maintenance](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/maintenance.md)
- [Updating your local instance](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/maintenance/updating.md): How to update your local instance. All docker images are available on ghcr with the specific versions matching the repo tags. The latest tag points to the most recent release for both back and front.
- [Special cases](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/maintenance/special-cases.md): Tips and tricks regarding specific cases
- [Migrate between different databases](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/maintenance/migrate-database.md): You think it is time to change or try a new database on CISO Assistant? You were using SQLite and now want to switch to PostgreSQL, or the other way around? This guide is for you.
- [Frequent questions](https://intuitem.gitbook.io/ciso-assistant/product-docs/installation/faq.md)
- [Overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/configuration.md)
- [Settings](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings.md)
- [General settings](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/general.md)
- [Feature flags](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/feature-flags.md)
- [Vulnerability SLA policy](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/vulnerability-sla.md)
- [Security intelligence feeds](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/sec-intel-feeds.md)
- [Allowed IP whitelist](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/infra-config-allowed-ip.md): Control which IP addresses and CIDR ranges are allowed to reach the CISO Assistant backend. Administrators manage the allowlist from the settings UI, and the infrastructure layer picks it up automatic
- [Branding](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/branding.md)
- [Custom templates](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/settings/custom-templates.md)
- [Organization](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization.md): You can find here CISO Assistant global organization. All entities will be linked to or contained within these objects.
- [Add and manage users](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization/users.md)
- [User groups](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization/user-groups.md): User groups are built-in objects giving permissions to all users inside of them, with a specific role across a scope.
- [Custom roles](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization/custom-roles.md): Fine-grained permissions management
- [Understanding the IAM model](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization/iam-model.md): Deep dive into CISO Asisstant IAM model
- [Teams](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/organization/teams.md)
- [SSO](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso.md): Configure Single Sign-On with different SAML or OpenID Connect providers
- [SAML](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/saml.md)
- [OpenID Connect (OIDC)](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/oidc.md)
- [Identity providers](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/identity-providers.md)
- [Microsoft Entra ID](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/identity-providers/entra-id.md): Configure Microsoft Entra ID as an Identity Provider for CISO Assistant
- [Okta](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/identity-providers/okta.md): Configure Okta as an Identity Provider for CISO Assistant
- [Google Workspace](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/identity-providers/google-workspace.md): Configure Google Workspace as an Identity Provider for CISO Assistant
- [Keycloak](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/sso/identity-providers/keycloak.md): Configure Keycloak as an Identity Provider for CISO Assistant
- [Multi-Factor Authentication (MFA)](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/mfa.md): Multi-factor authentication adds an extra layer of security to your account. CISO Assistant supports both TOTP authenticator apps and WebAuthn security keys (FIDO2, hardware keys, fingerprint, passkey
- [Libraries](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries.md): Bringing content into CISO Assistant
- [Designing your own libraries](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/custom-libraries.md)
- [Getting your custom framework](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/custom-frameworks.md)
- [CIS Controls / Cloud Controls Matrix (CCM)](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/cis-controls.md): Importing CIS Controls or CSA CCM
- [Library upgrade](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/library-upgrade.md)
- [Upgrading a library](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/upgrading-a-library.md): getting the incremental updates of your framework, matrix or catalog
- [Library clean-up](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/libraries/library-cleanup.md): How to delete/remove a loaded library
- [Authoring](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring.md): Guidelines for authoring frameworks, risk matrices, journey presets, and Excel-driven content
- [Framework](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/framework.md): Task-oriented recipes for authoring a framework — fork, build a tree, score, translate, publish
- [Framework builder — reference](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/framework/framework-builder.md): Complete reference for the in-app framework builder — every surface, every action, every nuance
- [Risk matrix](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/matrix.md): Task-oriented recipes for authoring a risk matrix — build, fork, translate, publish
- [Matrix editor — reference](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/matrix/matrix-editor.md): Complete reference for the in-app risk matrix editor — every surface, every action, every nuance
- [Journey preset](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/preset.md): Task-oriented recipes for authoring a journey preset — fork, build steps, scaffold objects, publish
- [Preset editor — reference](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/preset/preset-editor.md): Complete reference for the in-app journey preset editor — every surface, every action, every nuance
- [Excel-driven authoring](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/authoring/excel.md): Authoring frameworks, matrices, and other library content from Excel
- [Data import wizard](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/data-import.md): Guidelines on data import format
- [Changing the language](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/language.md): Switch the UI language
- [Date format](https://intuitem.gitbook.io/ciso-assistant/product-docs/configuration/date-format.md): Choose how dates are displayed across the application
- [Overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/guides.md)
- [General tips](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/general-tips.md)
- [Getting started](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/getting-started.md)
- [Initial setup](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/getting-started/initial-setup.md)
- [Creating your first perimeter](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/getting-started/first-perimeter.md): Small tutorial to learn how to create your first perimeter and be prepared for risk and audit
- [Creating your first audit](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/getting-started/first-audit.md): Small tutorial to learn how to create your first audit
- [Creating your first risk assessment](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/getting-started/first-risk-assessment.md): Small tutorial to learn how to create your first risk assessment
- [Assessments](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments.md)
- [Basic audit](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/basic-audit.md)
- [Customize your audit](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/customize-audit.md): Reference for every setting on an audit — visibility, scoring, lifecycle, attachments
- [EBIOS RM study](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/ebios-rm.md): Step-by-step guide to running an EBIOS RM study in CISO Assistant — five workshops, content reuse, quotation methods, reports, and Excel round-trip
- [Cyber risk quantification](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/quantitative-risk.md): CRQ quick start
- [Cyber risk quantification — methodology](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/quantitative-risk-methodology.md): How CISO Assistant turns probability and loss-bound inputs into LEC charts, VaR, expected shortfall, and ROSI — and how to read those numbers
- [Conducting a Business Impact Analysis](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/assessments/bia.md): Step-by-step walkthrough for conducting a Business Impact Analysis
- [Programme management](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/programme-management.md)
- [Managing a project](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/programme-management/projects.md): Step-by-step walkthrough for creating and operating a project, programme, or portfolio
- [Managing a collection](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/programme-management/collections.md): Step-by-step walkthrough for building and curating a collection
- [Managing an accreditation](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/programme-management/accreditations.md): Step-by-step walkthrough for managing an accreditation from start to renewal
- [Managing a responsibility matrix](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/programme-management/responsibility-matrix.md): Step-by-step walkthrough for creating and operating a responsibility matrix
- [Third-party](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/third-party.md)
- [Third-Party Risk Management](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/third-party/tprm.md)
- [Common TPRM pitfalls](https://intuitem.gitbook.io/ciso-assistant/product-docs/guides/third-party/tprm-challenges.md): Common configuration pitfalls when running entity assessments, and where to fix them.
- [Catalogue overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/features.md)
- [Analytics](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/analytics.md): Manage your assessments over time
- [Controls autosuggestion](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/controls-autosuggestion.md)
- [Multi-level support](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/multi-level-support.md): Through implementation groups
- [Flash mode](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/flash-mode.md): Establishing a security posture in flashcards mode
- [Kanban mode](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/kanban-mode.md): Drag-and-drop status board for applied controls, with swimlanes per domain
- [Applied controls analytics](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/applied-controls-analytics.md): Filter-aware dashboard summarising your applied controls — count, cost, status, priority, ETA, top owners
- [Evidences from clipboard](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/evidences-from-clipboard.md): Productivity tips series
- [Mappings](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/mappings.md): Main concepts of the mapping feature
- [Mapping explorer](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/mapping-explorer.md)
- [X-rays](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/x-rays.md): Automated consistency and quality checks across every audit and risk assessment in the workspace
- [Scoring Assistant](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/scoring-assistant.md)
- [Assignments / respondent mode](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/assignments.md): Overview of the requirements dispatch mode
- [Comments](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/comments.md): In-context discussion threads on audits, risk scenarios, applied controls, and findings — author-attributed, with a processed toggle and edit history
- [Audit log](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/audit-log.md): The append-only record of who changed what, and when
- [Domain export/import](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/domain-export-import.md)
- [Focus mode](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/focus-mode.md): Filter the entire workspace to a single domain
- [Sync to actions](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/sync-to-actions.md): Propagate applied-control state into the assessments that reference them
- [Dashboards](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/dashboards.md): Compose grids of widgets over custom and built-in metrics
- [Audit advanced analytics](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/audit-analytics.md): Per-audit deep-dive dashboard — controls coverage, evidence coverage, threats addressed, scoring radar, timeline, exceptions
- [Framework report](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-report.md): Cross-audit aggregate for one framework — compliance %, average implementation score, in-scope audits, status breakdown
- [Insights](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/insights.md): Cross-cutting analytical views — impact graph, priority/effort matrix, timeline — across the whole estate
- [Control Plan](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/control-plan.md): Aggregated view of recurrent tasks completion across time periods
- [Action plans](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/action-plans.md): The shared action-plan surface — applied controls rolled up under an assessment, with budget aggregation, analytics, and exports
- [Working with tables](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/working-with-tables.md): One toolbar, everywhere — search, filter, sort, choose columns, and act on rows (single or in bulk) on every model table in CISO Assistant
- [Custom fields](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/custom-fields.md): Org-defined typed fields on your objects — filterable, searchable, per-domain
- [Command palette](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/command-palette.md): The Ctrl/Cmd+K palette for jumping anywhere in the workspace
- [Universal search](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/search.md): Fuzzy search across every searchable object in the workspace
- [My assignments](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/my-assignments.md): Personal cross-cutting dashboard listing everything you (or your teams) own across the platform
- [Notifications](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/notifications.md): CISO Assistant can send you email notifications to keep you informed about deadlines, assignments, and status changes.
- [Framework-specific features](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-specific.md): Capabilities tailored to a particular framework or regulator
- [ISO 27001](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-specific/iso.md): Capabilities specific to ISO 27001 audits
- [CCB CyFun](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-specific/cyfun.md): Excel self-assessment export aligned with Belgium's Centre for Cybersecurity
- [DORA](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-specific/dora.md): Register of Information and structured incident reports for DORA compliance
- [MonServiceSécurisé](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/framework-specific/monservicesecurise.md): Controls export aligned with France's ANSSI MonServiceSécurisé portal
- [Overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/integrations.md)
- [API reference](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/api.md)
- [Generating a PAT](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/pat.md): Personal Access Token to interact with the API
- [Outgoing webhooks](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/webhooks.md)
- [Audit log forwarding](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/audit-log-forwarding.md): Stream the audit log to an external SIEM over HTTP or Kafka
- [MCP setup guide](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/mcp.md): This guide explains how to connect your AI assistant to CISO Assistant using the Model Context Protocol (MCP). Once set up, you'll be able to ask your AI to create risk assessments, manage compliance
- [Third-party integrations](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/third-party.md): Integrate CISO Assistant with third-party providers
- [Jira](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/third-party/jira.md)
- [ServiceNow](https://intuitem.gitbook.io/ciso-assistant/product-docs/ai-and-integrations/third-party/servicenow.md): ServiceNow Integration Guide
- [Overview](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/contributing.md): Four ways to help CISO Assistant grow
- [Frameworks and libraries](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/framework.md): How to contribute a framework, mapping, threat catalogue, risk matrix, or reference-control library to the community repository
- [Code (features and fixes)](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/code.md): How to submit a bug fix or a new feature to CISO Assistant
- [Translations](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/translation.md): How to translate the CISO Assistant interface and (in-coming) library content
- [Documentation](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/documentation.md): How to fix or extend the documentation you're reading right now
- [Feature page template](https://intuitem.gitbook.io/ciso-assistant/product-docs/contributing/feature-page-template.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on a page URL with the `ask` query parameter:
```
GET https://intuitem.gitbook.io/ciso-assistant/readme.md?ask=<question>
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.