Bitsight Security Ratings are largely computed from the observations on a company’s internet assets (IP addresses and registered domains). Cloud Service Providers (CSP) and their customers have a shared responsibility when it comes to these assets.
To provide a better representation of the provider’s security posture, CSPs have an Enhanced Rating.
Only domain-based risk vectors are taken into account, which only considers:
- Assets that we believe with high confidence are strictly associated with the CSP.
- The provider’s certifications and other representations of their security framework compliance.
All other risk vectors are treated as if there are no observations to inform the risk vector. They are treated as if they have a perfect grade, consistent to when there are no observations within a risk vector.