Guidelines on data import format
Applicable for: Data import wizard (Pro) and CLI (Community and Pro)
The Data Import Wizard and the CLI both support batch creation and updates of fields. They provide the same capabilities; the only difference lies in how the import is initiated:
through the user interface for the Data Import Wizard
through the command line for the CLI
When an object already exists during an import, one of the following conflict-resolution strategies can be applied:
Stop the import (default): the import is aborted as soon as a conflict is detected
Skip the row: the existing field is left unchanged and the import continues
Update the row: the existing field is updated with the imported data
The Update strategy enables batch updates of existing fields and is particularly useful for changes that could technically be performed through the graphical interface, but become tedious or error-prone when repeated across many objects. In such cases, downloading the existing objects, applying the required transformations in an Excel file, and re-importing the updated data can be significantly faster and more reliable than performing the same actions manually in the UI. This approach reduces repetitive interactions, minimizes the risk of manual mistakes, and provides a clear, auditable workflow for large-scale updates.
In this workflow, it is strongly recommended to retain the field IDs (UUIDs) in the import schema. Doing so ensures reliable object matching during re-import, even if other attributes (such as names or labels) have changed, making the update process fail-safe.
If the imported object supports the domain attribute, the wizard will attempt to assign it to the specified domain, provided you have the required permissions. If no domain is specified, the wizard will automatically fall back to the default domain configured in the wizard form.
Fields with (*) are mandatory and don't have any supported fallback.
Unless marked as mandatory, ref_id fields can be left blank but the column must still exist.
ref_id
name*
description
domain
type will default to supporting if the column does not exist
ref_id
name*
description
domain
status will default to to_do
csf_function will default to govern
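A pre-import check for the rules above, as an added example (not CISO Assistant's own code): `validate` is a hypothetical helper that enforces the mandatory `name`, the required-but-blankable `ref_id` column and the documented `status` and `csf_function` defaults. Applying the `status`, `category`, `priority` and `csf_function` value lists found further down this page to this field list is an assumption, as is working from a CSV export of the sheet.

```python
import csv
import io

# Allowed values copied from the value lists on this page.
STATUS = {"to_do", "in_progress", "on_hold", "active", "deprecated"}
CATEGORY = {"policy", "process", "technical", "physical", "procedure"}
CSF_FUNCTION = {"govern", "identify", "protect", "detect", "respond", "recover"}
DEFAULTS = {"status": "to_do", "csf_function": "govern"}  # documented fallbacks

# Constructed sample sheet, exported as CSV (not real data).
SAMPLE = """ref_id,name,description,domain,status,category,priority,csf_function
AC-01,MFA for admins,Enforce MFA,IT,active,technical,1,protect
,Backup policy,,IT,,policy,,
AC-03,,Missing name,IT,to_do,process,2,detect
AC-04,Door badges,,Facilities,done,physical,7,protect
"""

def validate(text):
    """Return (normalized_rows, errors) for a sheet given as CSV text."""
    reader = csv.DictReader(io.StringIO(text))
    # ref_id may be blank in a row, but the column itself has to exist.
    missing = [c for c in ("ref_id", "name") if c not in (reader.fieldnames or [])]
    if missing:
        return [], [f"header: missing column '{c}'" for c in missing]
    rows, errors = [], []
    for line, row in enumerate(reader, start=2):  # line 1 is the header
        row = {k: (v or "").strip() for k, v in row.items()}
        problems = []
        if not row["name"]:
            problems.append("name is mandatory")
        for field, default in DEFAULTS.items():
            row[field] = row.get(field) or default
        if row["status"] not in STATUS:
            problems.append(f"status '{row['status']}' not allowed")
        if row["csf_function"] not in CSF_FUNCTION:
            problems.append(f"csf_function '{row['csf_function']}' not allowed")
        if row.get("category") and row["category"] not in CATEGORY:
            problems.append(f"category '{row['category']}' not allowed")
        prio = row.get("priority", "")
        if prio and not (prio.isdigit() and 1 <= int(prio) <= 4):
            problems.append(f"priority '{prio}' must be an integer from 1 to 4")
        if problems:
            errors += [f"line {line}: {p}" for p in problems]
        else:
            rows.append(row)
    return rows, errors
```

Running it on the sheet before an import with the default Stop strategy surfaces every bad row at once instead of one aborted import at a time.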
ref_id
name*
description
domain
To avoid any mix-up between the expected fields and the requirements reference, you can get a template for the expected framework by going to Catalog/Frameworks.
The framework needs to be loaded; when you click on it, you'll see a button to get the Excel file.
urn*
assessable
ref_id*
name
The wizard will attempt to match based on the ref_id and fall back to the urn otherwise. If neither can be used, the row will be skipped.
name and description columns are not used but serve as an anchor point for reference.
assessable will fall back to false
ref_id
name*
description
severity
email*
first_name
last_name
The risk assessment is an advanced object that needs special considerations. Make sure to pick the matrix that will be used to map your labels to the values on CISO Assistant. If you have a specific matrix, you should start by including it as a custom library.
inherent_level, current_level and residual_level are kept in the Excel sample only as a visual aid. The application computes them from impact and probability to ensure consistency with the matrix definition.
Controls are created or picked based on the perimeter's domain. Line breaks are used as separators.
ref_id
name*
description
inherent_impact
Elementary actions are useful to model a kill chain during the 4th workshop of an EBIOS RM study.
ref_id
name*
description
attack_stage*
Reference controls are templates of the controls to apply.
ref_id
name
description
category
Reference controls can also be bundled as a library.
ref_id
name
description
domain
Entities, solutions and contracts are imported through the same file so that their relationships stay consistent. Each concept needs to be on a separate tab of the Excel file.
The file has to be divided into 3 sheets, namely "Entities", "Solutions" and "Contracts".
*: Required fields
ref_id
name *
description
ref_id
name *
description
ref_id
name *
description
internal_id
ref_id
name*
description
ref_id
name
description
domain
ref_id
name
description
domain
ref_id
name
description
domain
type
PR : primary
SP : supporting
status
to_do
in_progress
on_hold
active
deprecated
category
policy
process
technical
physical
procedure
priority
integer from 1 to 4
csf_function
govern
identify
protect
detect
respond
recover
status
undefined
in_design
in_dev
in_prod
eol
dropped
description
compliance_result
not_assessed
partially_compliant
non_compliant
compliant
not_applicable
requirement_progress
to_do
in_progress
in_review
done
score
integer from 0 to 100
observations
low
medium
high
critical
status*
identified
confirmed
dismissed
assigned
in_progress
mitigated
resolved
deprecated
filtering_labels
You can add multiple labels to one finding by separating them with | (e.g. internal|pentest|...)
inherent_proba
existing_controls
current_impact
current_proba
additional_controls
residual_impact
residual_proba
treatment
open
mitigate
accept
avoid
transfer
(in English)
know
enter
discover
exploit
(in French)
connaitre
entrer
icon
server
computer
cloud
file
diamond
phone
cube
blocks
shapes
network
database
key
search
carrot
money
skull
globe
usb
domain
function
domain
mission
country (Country code https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
currency (ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)
parent_entity_id
dependency (Integer in [0,4])
penetration (Integer in [0,4])
maturity (Integer in [1,4])
trust (Integer in [1,4])
domain *
provider_entity_ref_id *
criticality (Integer in [1,4])
provider_entity_ref_id
solution_ref_id
status can be draft, active, expired or terminated
start_date (YYYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)
end_date (YYYY-MM-DD format https://en.wikipedia.org/wiki/ISO_8601)
annual_expense
currency (ISO 4217 format https://en.wikipedia.org/wiki/ISO_4217)
domain
lei
euid
vat
duns
status
Approved
Draft
In review
Deprecated
processing_nature
domain
assigned_to
labels
dpia_required
FALSE
TRUE
dpia_reference
status
link
status
draft, in_review, approved, resolved, expired, deprecated
severity
undefined, info, low, medium, high, critical
expiration_date
YYYY-MM-DD
observation
status
new, ongoing, resolved, closed, dismissed
severity
critical/sev1(1), major/sev2(2), moderate/sev3(3), minor/sev4(4), low/sev5(5), unknown(6)
detection
internal/internally_detected, external/externally_detected
reported_at
DateTime
exploiter