goliasse/ciso-assistant-community — reverse-engineered prompt
Reverse engineered prompt
Build me a self-hosted web app for cybersecurity governance, risk, compliance, audits, and security posture management. I want a team to pick a scope, run risk assessments, track remediation actions, collect evidence, manage audits, and generate clean reports without doing everything in spreadsheets.
Please include built-in libraries for common frameworks like ISO 27001, NIST CSF, SOC 2, PCI DSS, GDPR, HIPAA, NIS2, CMMC, DORA, CIS Controls, OWASP ASVS, and the other major frameworks you can reasonably include. The app should separate compliance requirements from actual security controls, so we can reuse assessments and compare one scope against several frameworks at the same time.
Also add a catalog for controls and threats, and a simple way to import our own custom framework or risk matrix from a structured file. Make it easy to run locally with Docker, with a clean frontend and a backend API. Look up current docs online if you need to.