From 7744b6c5db04eff17061da83294cec295a6717e8 Mon Sep 17 00:00:00 2001 From: Abderrahmane Smimite Date: Sun, 7 Apr 2024 15:39:01 +0200 Subject: [PATCH 1/2] improve styling --- README.md | 73 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 47 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 1f187d9a5..3f515f549 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,18 @@ -# CISO Assistant + +

+
+ intuitem.com + Β· + Free trial + Β· + Docs + Β· + Discord + Β· + Frameworks + +

+ ![](gh_banner.png) @@ -11,7 +25,7 @@ CISO Assistant brings a different take to **GRC** and Cyber Security Posture Man - you can bring your own framework as well using a simple syntax - manage audit, evidences collection and report generation -Our vision is to provide a one stop shop for cyber security posture management and cover the layers of GRC (Governance, Risk and Compliance). As practionners interacting with multiple cybersecurity and IT professionals, we have struggled with fragmentation and lack of efficient tooling. We keep improving CISO Assistant with anything that could bring clarity and productivity to cybersecurity teams and reduce the effort of research, audit management and paperwork. +Our vision is to provide a one stop shop for cyber security posture management and cover the layers of **GRC** (Governance, Risk and Compliance). As practionners interacting with multiple cybersecurity and IT professionals, we have struggled with fragmentation and lack of efficient tooling. We keep improving CISO Assistant with anything that could bring clarity and productivity to cybersecurity teams and reduce the effort of research, audit management and paperwork. CyberSecurity teams need to use GRC as a foundation to structure their program and implement the right tools and processes to mitigate the risks, and leave the rest to CISO Assistant πŸ™ @@ -30,9 +44,12 @@ The decoupling allows you to save a considerable amount of time: ## Quick Start πŸš€ +> [!TIP] > The easiest way to get started is through the [free trial of cloud instance available here](https://intuitem.com/trial). -Alternatively, clone the repo and run: + +Alternatively, make sure you have *Docker* and *Docker-compose* installed, on your workstation or server, clone the repo and run: + ```sh ./docker-compose.sh ``` 
@@ -43,25 +60,25 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant ## Supported frameworks πŸ™ -- ISO 27001:2022 -- NIST Cyber Security Framework (CSF) v1.1 πŸ‡ΊπŸ‡Έ -- NIST Cyber Security Framework (CSF) v2.0 πŸ‡ΊπŸ‡Έ -- NIS2 πŸ‡ͺπŸ‡Ί -- SOC2 -- PCI DSS 4.0 -- CMMC v2 πŸ‡ΊπŸ‡Έ -- PSPF πŸ‡¦πŸ‡Ί -- GDPR checklist from GDPR.EU πŸ‡ͺπŸ‡Ί -- Essential Eight πŸ‡¦πŸ‡Ί -- DFS 500 with 2023-11 amendments -- DORA πŸ‡ͺπŸ‡Ί -- NIST AI Risk Management Framework -- NIST SP 800-53 rev5 -- France LPM/OIV rules πŸ‡«πŸ‡· -- CCB CyberFundamentals Framework πŸ‡§πŸ‡ͺ -- NIST SP-800-66 (HIPAA) -- HDS/HDH -- OWASP Application Security Verification Standard (ASVS) +1. ISO 27001:2022 +2. NIST Cyber Security Framework (CSF) v1.1 πŸ‡ΊπŸ‡Έ +3. NIST Cyber Security Framework (CSF) v2.0 πŸ‡ΊπŸ‡Έ +4. NIS2 πŸ‡ͺπŸ‡Ί +5. SOC2 +6. PCI DSS 4.0 +7. CMMC v2 πŸ‡ΊπŸ‡Έ +8. PSPF πŸ‡¦πŸ‡Ί +9. GDPR checklist from GDPR.EU πŸ‡ͺπŸ‡Ί +10. Essential Eight πŸ‡¦πŸ‡Ί +11. DFS 500 with 2023-11 amendments +12. DORA πŸ‡ͺπŸ‡Ί +13. NIST AI Risk Management Framework +14. NIST SP 800-53 rev5 +15. France LPM/OIV rules πŸ‡«πŸ‡· +16. CCB CyberFundamentals Framework πŸ‡§πŸ‡ͺ +17. NIST SP-800-66 (HIPAA) +18. HDS/HDH +19. OWASP Application Security Verification Standard (ASVS) Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the Domain Specific Language used and how you can define your own. @@ -69,6 +86,8 @@ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the - ANSSI hygiene guide - RGS +- CIS +- CCM - CCPA - CRA - and much more: just ask on [Discord](https://discord.gg/qvkaMdQ8da). If it's an open standard, we'll do it for you, *free of charge* πŸ˜‰ 
@@ -285,9 +304,11 @@ npm run dev 5. Reach the frontend on http://localhost:5173 -Note: Safari will not properly work in this setup, as it requires https for secure cookies. The simplest solution is to use Chrome or Firefox. An alternative is to use a caddy proxy. This is the solution used in docker-compose, so you can use it as an example. -## Managing migrations +> [!NOTE] +> Safari will not properly work in this setup, as it requires https for secure cookies. The simplest solution is to use Chrome or Firefox. An alternative is to use a caddy proxy. This is the solution used in docker-compose, so you can use it as an example. + +### Managing migrations The migrations are tracked by version control, https://docs.djangoproject.com/en/4.2/topics/migrations/#version-control @@ -309,7 +330,7 @@ python manage.py migrate These migration files should be tracked by version control. -## Test harness +### Test suite To run API tests on the backend, simply type "pytest" in a shell in the backend folder. @@ -321,7 +342,7 @@ tests/e2e-tests.sh The goal of the test harness is to prevent any regression, i.e. all the tests shall be successful, both for backend and frontend. -## Built With +## Built With πŸ’œ - [Django](https://www.djangoproject.com/) - Python Web Development Framework - [SvelteKit](https://kit.svelte.dev/) - Frontend framework From 78f60ca9a0d660cf02b94c1622453da2c57bfb61 Mon Sep 17 00:00:00 2001 From: Abderrahmane Smimite Date: Sun, 7 Apr 2024 15:40:06 +0200 Subject: [PATCH 2/2] Add CI/CD badges --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 3f515f549..71f500fae 100644 --- a/README.md +++ b/README.md 
@@ -16,6 +16,9 @@ ![](gh_banner.png) +[![Backend code coverage](https://github.com/intuitem/ciso-assistant-community/actions/workflows/backend-coverage.yaml/badge.svg)](https://github.com/intuitem/ciso-assistant-community/actions/workflows/backend-coverage.yaml) +[![Functional Tests](https://github.com/intuitem/ciso-assistant-community/actions/workflows/functional-tests.yml/badge.svg?branch=main)](https://github.com/intuitem/ciso-assistant-community/actions/workflows/functional-tests.yml) + CISO Assistant brings a different take to **GRC** and Cyber Security Posture Management: - by explicitly decoupling compliance from cybersecurity controls implementation
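Review bot: the first hunk of PATCH 1/2 (`@@ -1,4 +1,18 @@`) drops the `# CISO Assistant` H1 and replaces it with a centered link bar plus a banner image that has no alt text (`+ ![](gh_banner.png)`), so the README no longer carries a text title for screen readers, text-only renderers, or anyone with images blocked. Keep a heading, or at least give the banner a descriptive alt text such as `![CISO Assistant](gh_banner.png)`.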
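Review bot: the vision paragraph hunk (`@@ -11,7 +25,7 @@`) rewrites the line only to bold **GRC** and leaves two wording defects in place on the same line: `practionners` should be `practitioners`, and `one stop shop` should be hyphenated as `one-stop shop`. Since the line is already being touched, fix both here.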
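Review bot: in the Quick Start hunk (`@@ -30,9 +44,12 @@`) the new prerequisites sentence is hard to parse and misnames the tool (`*Docker-compose*`); suggest `Alternatively, make sure Docker and Docker Compose are installed on your workstation or server, then clone the repo and run:`. Also be aware that the `> [!TIP]` alert syntax only renders on GitHub; other Markdown renderers will show a literal `[!TIP]` line at the top of the quote.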
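Review bot: converting the supported-frameworks list (`@@ -43,25 +60,25 @@`) from bullets to `1.` … `19.` implies an order of precedence that does not exist and forces renumbering every time a framework is added; keep the bulleted list, or write `1.` on every item and let Markdown number them. The unchanged line right after the list still reads `Checkout the [library]`, which should be `Check out the [library]`, and `NIST SP-800-66` is written differently from `NIST SP 800-53` two lines above it.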
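Review bot: the two entries added to the coming-next list (`@@ -69,6 +86,8 @@`), `+- CIS` and `+- CCM`, are bare abbreviations while the surrounding entries spell out what they are (`ANSSI hygiene guide`, `OWASP Application Security Verification Standard (ASVS)` in the list above). Spell them out the same way, e.g. `CIS Controls` (or `CIS Benchmarks`, whichever is planned) and `CSA Cloud Controls Matrix (CCM)`, so readers know which document is meant.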
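Review bot: the `> [!NOTE]` block in the Safari hunk (`@@ -285,9 +304,11 @@`) moves the text but keeps its rough wording; suggest `Safari will not work properly in this setup, since it requires HTTPS for Secure cookies` and capitalise `Caddy`. It would also help to say explicitly that switching to Chrome or Firefox is a workaround for the local development setup described in this section only, and that the docker-compose setup already solves it properly with the Caddy proxy, as the last sentence of the note states. The demotion of `## Managing migrations` to `###` is only correct if the section now sits under a `##` parent heading that is outside this hunk; please double-check the heading hierarchy.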
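Review bot: renaming the heading from `## Test harness` to `### Test suite` (`@@ -309,7 +330,7 @@`) leaves the body inconsistent: the unchanged context line in the next hunk, `The goal of the test harness is to prevent any regression`, still says `test harness`. Use one term in both places.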
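Review bot: the two badges added in PATCH 2/2 (`@@ -16,6 +16,9 @@`) are not filtered consistently: the Functional Tests badge uses `?branch=main`, but the Backend code coverage badge has no branch filter, so it reflects the most recent run of that workflow on any branch, including pull-request branches, and can show a failure unrelated to `main`. Add `?branch=main` to the coverage badge URL as well, and confirm that the mixed extensions (`backend-coverage.yaml` vs `functional-tests.yml`) match the actual file names under `.github/workflows/`, otherwise the badge will render as unknown.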