· intuitem · News  · 2 min read

What's New in CISO Assistant — Week 01, 2026 (v3.9.1)

Kicking off 2026 with session security hardening after 2FA enrollment, audit performance improvements, and better implementation group handling.

Kicking off 2026 with session security hardening after 2FA enrollment, audit performance improvements, and better implementation group handling.

Happy New Year! CISO Assistant v3.9.1 lands in the first week of 2026 with a focused set of security and performance improvements.

Security & Authentication

Session revocation after 2FA enrollment — Previously, enabling two-factor authentication on your account did not invalidate existing sessions. This meant that an attacker who had already compromised a session could keep using it even after you strengthened your login. Starting with v3.9.1, all active sessions are revoked the moment 2FA is enabled, forcing every device to re-authenticate with the new second factor.

Additional improvements have also been made to the Identity & Access Management (IAM) subsystem, tightening internal guardrails around user and permission handling.

UX Improvements

Extended result donut respects implementation groups — The compliance donut chart in extended-result mode now correctly follows the selected implementation group, so the visual summary matches the filtered scope you are actually reviewing. This is particularly useful for frameworks like CIS Controls where implementation groups define progressive maturity tiers.

Performance

Faster audits — Audit loading and rendering received targeted performance work, reducing wait times when opening or navigating large compliance audits.

Quality & Testing

A new CI/CD test has been added to validate the enterprise backup/restore workflow inside the community edition, ensuring that data portability remains reliable across releases.

For the full list of changes, see the v3.9.1 release on GitHub.

Share:
Back to Blog

Related Posts

View All Posts »
What's New in CISO Assistant — Week 23, 2026 (v3.17.1 – v3.17.2)

What's New in CISO Assistant — Week 23, 2026 (v3.17.1 – v3.17.2)

Two releases close out the week: v3.17.1 brings a Prometheus metrics endpoint, user-configurable date formats, expanded comments and audit aggregation; v3.17.2 piles on an expanded AI/MCP server, the ABRO framework, a tables column selector, action-plan cost breakdowns, SSO redirect handling, and a big batch of data-wizard, framework-builder, and ordering fixes.

What's New in CISO Assistant — Week 22, 2026 (v3.16.5 – v3.17.0)

What's New in CISO Assistant — Week 22, 2026 (v3.16.5 – v3.17.0)

A big stretch: native project management arrives, framework-driven reporting goes cross-domain, requirement nodes gain their own score scales, and OIDC picks up a strict state/nonce mode. Plus new NCSC CAF v4.0 and TRUE II frameworks, analytics on applied controls, the psycopg2→psycopg3 upgrade, and a long tail of fixes across four releases (v3.16.5 → v3.17.0).

What's New in CISO Assistant — Week 21, 2026 (v3.16.3 – v3.16.4)

What's New in CISO Assistant — Week 21, 2026 (v3.16.3 – v3.16.4)

Two releases land back-to-back: v3.16.3 brings the AI Defense Matrix and KSA PDPL frameworks, a Responsibility Matrix (RACI/RASCI/RAPID), Ebios RM import in Egerie format, task labels, and full Estonian language support — followed by a v3.16.4 hotfix round covering Matrix Editor, breadcrumbs, and journey templates.

What's New in CISO Assistant — Week 20, 2026 (v3.16.2)

What's New in CISO Assistant — Week 20, 2026 (v3.16.2)

v3.16.2 brings two new framework libraries (EU CER directive, UK Defence Standard 05-138), an experimental UI mode for asset creation, a specialized wizard for customer questionnaire prefill, the start of CBDDO and DoW ZT-OT framework support, plus a healthy round of audit performance work, mapping engine fixes, and i18n improvements.