ab-smith / ciso-assistant-community

CISO Assistant - GRC made simple - NIST CSF, ISO 27001 and NIS2 compliance


CISO Assistant

CISO Assistant is your streamlined one-stop shop for compliance assessment and management. What makes it special is the fact that it is based on field knowledge and inputs from security experts.

Read the full article about the community editions on our blog.

Community

Join our open Discord community to interact with the team and other GRC experts.

Installation

The fastest and easiest way to get started is through the free trial of the cloud instance available here.

This part is divided into two sections: the quick start if you simply want to run CISO to see what it's made of, and the development setup if you want to go further.

Requirements

  • Python 3.8+
  • pip 20.3+
  • gettext 0.21+
  • pango 1.0+

To install gettext and pango, do sudo apt update && sudo apt install gettext libpangocairo-1.0-0 -y

Quick start 🚀

There are two methods to run CISO locally: using Python or using Docker.

By default, the Django secret key is generated randomly at each start of CISO. This is convenient for a quick test, but not recommended for production, as it can break sessions (see this topic for more information). To set a fixed secret key, use the environment variable DJANGO_SECRET_KEY.

  1. Clone the repository
git clone git@github.com:intuitem/ciso-assistant-community.git
cd ciso-assistant-community

Using Python

💡 Advice: run everything inside a virtual environment. It is good practice for Python projects!

Choose either python-venv or virtualenv. For example:

# Install python-venv
sudo apt install python-venv # or python3-venv
# Create the virtual environment venv
python -m venv venv # or python3 -m venv venv
# To enter inside the virtual environment
source venv/bin/activate
# If you want to exit the virtual environment once finished
deactivate
  2. Install dependencies
pip install -r requirements.txt
  3. Run migrations
python manage.py migrate
  4. Collect static files
python manage.py collectstatic
  5. Create your superuser
python manage.py createsuperuser
  6. Run CISO
python manage.py runserver

You can then reach CISO using your web browser at http://127.0.0.1:8000/

Using Docker

  1. Install or upgrade Docker if you don't have it. Read the official docs for your own OS/distro.

  2. Build the image with an appropriate tag (e.g. ciso-assistant:version), for example:

docker build . -t ciso-assistant:$(<ciso_assistant/VERSION)
  3. Once this is done, you can simply start up CISO by running:
docker run --rm -it --env CREATE_SUPERUSER=true -p 8000:8000 -v ./db:/code/db ciso-assistant:$(<ciso_assistant/VERSION)

When prompted, enter the email and password for your superuser.

You can then reach CISO using your web browser at http://127.0.0.1:8000/

For the following executions, simply run:

docker run --rm -p 8000:8000 -v ./db:/code/db ciso-assistant:$(<ciso_assistant/VERSION)

⚠️ WARNING: If you're using WSL you'll need to activate Systemd. Check out this topic to do it.

How to set up CISO for development? ✍️

  1. Clone the repository.
git clone git@github.com:intuitem/ciso-assistant-community.git
cd ciso-assistant-community
  2. Create a file in the parent folder (e.g. ../myvars) and store your environment variables within it by copying and modifying the following code, replacing "<XXX>" with your private values. Take care not to commit this file to your git repo.

Recommended variables

export DJANGO_SECRET_KEY=<XXX>
export DJANGO_DEBUG=True

# Default URL is set to http://127.0.0.1:8000 but you can change it, e.g. to use https with a caddy proxy
export CISO_URL=https://localhost:8443

# You can define the email of the first superuser
export CISO_SUPERUSER_EMAIL=<XXX>

# Setup a development mailer with Mailhog for example
export EMAIL_HOST_USER=''
export EMAIL_HOST_PASSWORD=''
export DEFAULT_FROM_EMAIL=ciso-assistant@ciso-assistantcloud.com
export EMAIL_HOST=localhost
export EMAIL_PORT=1025

As said in the quickstart section, CISO generates a random Django secret key if not specified. To avoid broken sessions, it is preferable to set a fixed random value using the DJANGO_SECRET_KEY environment variable.

Optional variables

# CISO will use SQLite by default, but you can set up PostgreSQL by declaring these variables
export POSTGRES_NAME=ciso-assistant
export POSTGRES_USER=ciso-assistantuser
export POSTGRES_PASSWORD=<XXX>
export DB_HOST=localhost
export DB_PORT=5432  # optional, default value is 5432

# Captcha, if you want to disable it just put empty strings
export RECAPTCHA_PUBLIC_KEY=<XXX>
export RECAPTCHA_PRIVATE_KEY=<XXX>

# Add a second backup mailer
export EMAIL_HOST_RESCUE=<XXX>
export EMAIL_PORT_RESCUE=587
export EMAIL_HOST_USER_RESCUE=<XXX>
export EMAIL_HOST_PASSWORD_RESCUE=<XXX>
export EMAIL_USE_TLS_RESCUE=True

# Idle session timeout management
export SESSION_COOKIE_AGE=900 # in seconds, (default 900, i.e. 15 minutes)
export SESSION_EXPIRE_AT_BROWSER_CLOSE=True # (default True)
export SESSION_SAVE_EVERY_REQUEST=True # (default True)
  3. Choose either python-venv or virtualenv. For example:
# Install python-venv
sudo apt install python-venv # or python3-venv
# Create the virtual environment venv
python -m venv venv # or python3 -m venv venv
# To enter inside the virtual environment
source venv/bin/activate
# If you want to exit the virtual environment once finished
deactivate
  4. Install required dependencies.
pip install -r requirements.txt
  5. If you want to set up Postgres:
  • Run one of these commands to enter Postgres:
    • psql as superadmin
    • sudo su postgres
    • psql
  • Create the database "ciso-assistant" (the hyphen requires a quoted identifier in SQL)
    • create database "ciso-assistant";
  • Create user "ciso-assistantuser" and grant it access
    • create user "ciso-assistantuser" with password '<POSTGRES_PASSWORD>';
    • grant all privileges on database "ciso-assistant" to "ciso-assistantuser";
  6. Prepare and apply migrations.
python manage.py makemigrations
python manage.py migrate
  7. Create a superuser, who will be the CISO administrator.

If you have set a mailer and the CISO_SUPERUSER_EMAIL variable, there's no need to create a Django superuser with createsuperuser, as it will be created automatically on first start. You should receive an email with a link to set up your password.

python manage.py createsuperuser
  8. Install Tailwind CSS.
npm install tailwindcss postcss postcss-import
python manage.py tailwind install
  9. Compile strings.
python manage.py makemessages -i venv -l fr
python manage.py compilemessages -i venv -l fr
  10. Run the development server.
python manage.py runserver
  11. Configure the git hooks for generating the build name.
cd .git/hooks
ln -fs ../../git_hooks/post-commit .
ln -fs ../../git_hooks/post-merge .
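The environment file from step 2 is the place where a weak or forgotten DJANGO_SECRET_KEY slips into a deployment. The following helper, added here as an example and not part of the CISO Assistant project, generates a fixed key and lints a myvars-style file for leftover "<XXX>" placeholders, a missing or short secret key, and DJANGO_DEBUG=True. The file names and the 50-character minimum are assumptions for the example.

```shell
#!/bin/sh
# Added example (not CISO Assistant project code): generate a fixed
# DJANGO_SECRET_KEY and sanity-check a ../myvars-style file before sourcing it.

# Produce a 64-character random key (48 bytes of /dev/urandom, base64-encoded).
gen_secret_key() {
    head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# Print problems found in FILE and return 1; return 0 if it looks sane.
check_env_file() {
    file=$1
    rc=0
    # Any "<XXX>" left over means a private value was never filled in.
    if grep -n '<XXX>' "$file"; then
        echo "placeholders above must be replaced with real values"
        rc=1
    fi
    # Extract the key (quotes stripped); empty means CISO will regenerate one
    # at every start, which breaks sessions, as the README warns.
    key=$(sed -n 's/^export DJANGO_SECRET_KEY=//p' "$file" | tr -d "'\"")
    if [ -z "$key" ]; then
        echo "DJANGO_SECRET_KEY is not set; sessions will break on restart"
        rc=1
    elif [ "${#key}" -lt 50 ]; then
        echo "DJANGO_SECRET_KEY is only ${#key} characters; use at least 50"
        rc=1
    fi
    # Debug mode leaks stack traces and settings; flag it but do not fail.
    if grep -q '^export DJANGO_DEBUG=True' "$file"; then
        echo "note: DJANGO_DEBUG=True is for development only"
    fi
    return $rc
}

# Constructed sample files: one still holding the README template's
# placeholder, one with a generated key.
tmp=$(mktemp -d)
printf 'export DJANGO_SECRET_KEY=<XXX>\nexport DJANGO_DEBUG=True\n' > "$tmp/bad_vars"
printf 'export DJANGO_SECRET_KEY=%s\nexport DJANGO_DEBUG=False\n' \
    "$(gen_secret_key)" > "$tmp/good_vars"

check_env_file "$tmp/bad_vars"  || echo "bad_vars rejected"
check_env_file "$tmp/good_vars" && echo "good_vars accepted"
```

Run it against your real file with `check_env_file ../myvars` before `source ../myvars`.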

Built With

Security

Great care has been taken to follow security best practices. Please report any issue to security@intuitem.com.

License

AGPLv3
