What's New in CISO Assistant — Week 15, 2026 (v3.15.3 – v3.15.7)

A packed week with five releases bringing hardware security keys, broader vulnerability management, a wave of new compliance frameworks, and plenty of UX refinements.

Security Keys (FIDO2 / WebAuthn)

Hardware security keys as a second authentication factor (v3.15.3) — CISO Assistant now supports FIDO2-compatible security keys, fingerprint readers, and other platform authenticators as a second factor. Two follow-up patches (v3.15.4, v3.15.5) hardened WebAuthn for cloud deployments by fixing the relying-party ID handling.

Expanded Vulnerability Management

Epic: broader vulnerability management capabilities (v3.15.7) — This release significantly expands what you can do with vulnerabilities in CISO Assistant, building on the MCP and API foundations shipped in v3.15.2.

New Frameworks & Libraries

Five community-contributed frameworks land this week:

• NIST CSF 2.0 Journey (v3.15.3) — courtesy of new contributor @blockanz.
• ANS HospiConnect HOPEN2 Program Library (v3.15.3) — contributed by @lulustucru-dsn.
• CyFun Small Self-Assessment translations (v3.15.3) — contributed by @fastlorenzo.
• DGSSI Cloud Qualification (Morocco, arrêté 3-17-25) (v3.15.6) — courtesy of new contributor @oulkhabou.
• French National Authority for Health — Quality of Care Certification (v3.15.6) — contributed by @ImanABS.
• EUDI Wallet ARF High-Level Requirements (v3.15.6) — also contributed by @ImanABS.

UX Improvements

• Orphan controls identification (v3.15.3) — Spot applied controls that are not linked to any compliance requirement, making it easier to clean up or reassign stale controls.
• Yearly tasks review UI (v3.15.3) — The yearly review workflow has been polished for a smoother experience.
• New timeline visualization (v3.15.6) — A redesigned timeline component with better performance and a cleaner look.
• EBIOS RM light mode (v3.15.6) — Workshop 5 scenario generation now supports a “light” mode that follows a cascading logic to build scenarios from whatever data is available, so you no longer need every preceding workshop to be fully completed.
• Batch label actions (v3.15.6) — Apply or remove labels in bulk on applied controls and findings.
• Risk analysis PDF — scenario pagination (v3.15.6) — Scenarios now start on a new page in risk analysis PDF exports, improving readability.
• Client name in page title (v3.15.6) — The browser tab now reflects the current client name, contributed by @Axxiar.
• Inlined documentation on Word export (v3.15.6) — Supported attributes are now documented inline in Word exports.

Framework Builder

The framework builder introduced in v3.15.0 continues to mature with a round of improvements (v3.15.6), including better handling of requirement hierarchies and usability fixes.

Internationalisation

• Lithuanian language support (v3.15.3) — A new locale for the platform interface.

Bug Fixes

• Regression on attaching existing items to applied controls (v3.15.3).
• Analytics dashboard chart pointer console error (v3.15.3).
• Excel file upload on Mac after the recent upgrade (v3.15.3).
• Applied control duplication and copy-from-reference-controls regressions (v3.15.3).
• Missing link for non-compliant items and batch CSF actions (v3.15.3).
• Implementation groups for dynamic frameworks (v3.15.6).
• TISAX framework missing version (v3.15.6).
• Applied controls export/import inconsistencies (v3.15.6).
• Local MFA handling when SSO is enabled (v3.15.6).
• SSO users unable to manage Personal Access Tokens (v3.15.6).

Security

• Lupa dependency upgrade (v3.15.7) — Resolves a Dependabot security alert.
• Django 6.0.3 to 6.0.4 (v3.15.6) — Picks up the latest Django security and stability fixes.
• cryptography 46.0.6 to 46.0.7 (v3.15.6) — Updated across backend, CLI, and automation packages.

Infrastructure

• Migration to Vite 6 (v3.15.6) — The frontend build toolchain has been upgraded to Vite 6.
• OIDC debug mode (v3.15.6) — extra_data is now visible in debug mode for easier OIDC troubleshooting.

New Contributors

Welcome to @blockanz and @oulkhabou, who both made their first contributions this week!

For full details, check out the v3.15.3 through v3.15.7 release notes on GitHub.