You can improve your rating by remediating findings that have a negative impact on your rating during calculation. Negatively-impacting findings are graded BAD, WARN, or FAIR, including all findings in the Compromised Systems and User Behavior risk categories and the Patching Cadence risk vector.
Identifying Findings To Remediate
The Bitsight platform offers many features that can be used to focus remediation efforts, as detailed in the table below.
Findings are the culmination of observed internet traffic and configurations. They’re recorded in the Bitsight platform as events and records.
| Feature | Description |
|---|---|
| Risk Remediation Plan | A Risk Remediation Plan is a prioritized list of findings you can fix to improve certain risk vector grades. This plan is designed to help you identify and remediate high-impact findings to reach an “A” grade. |
| Rating Improvement | The Rating Improvement page is an analytics tool that observes patterns and projects possible future ratings by extracting information from existing data sets. |
| Subsidiary Improvement | Subsidiary Improvement provides a guideline for remediation that maximizes the potential impact on the parent rating if findings within its subsidiaries were remediated. |
| Remediation Strategy Panel | The Remediation Strategy panel highlights findings that have had the highest impact on your rating over the last 60 days. Use this to determine which risk vectors have the largest possible improvement if remediated. |
Once a finding is remediated, request a user-initiated findings refresh to update it in the platform. See What To Do After Remediation.
Maintaining Your Rating
To maintain your rating, ensure that remediated assets continue to implement security best practices.
For example, you should consistently:
- Ensure security measures are in place to prevent security incidents
- Renew SSL certificates before expiration
- Use secure network protocols for sensitive data transmission
- Avoid using deprecated encryption cipher suites
- Upgrade or patch software with known or recently discovered vulnerabilities
- Keep end user devices up-to-date (i.e. operating system, web browser)
Frequently Asked Questions
- How is the Bitsight Rating calculated?
- How do I request a refresh for a finding?
- Why do Bitsight Ratings fluctuate?
- Why did my risk vector letter grades change without affecting my overall rating?
  Risk vector letter grades are correlated to how well a company is performing relative to all companies in the Bitsight inventory. A letter grade can change without this necessarily indicating that an overall rating change should have occurred.