Diligence Findings

The Diligence risk category assesses the steps a company has taken to prevent attacks, their best practice implementation, and risk mitigation (e.g., server configurations) to determine if the security practices of an organization are on par with industry-wide best practices.

The Bitsight API is also available.

Finding Details

Details vary depending on the risk vector. See details for:

• SPF Domains
• DKIM Records
• TLS/SSL Certificates
• TLS/SSL Configurations
• Open Ports
• Web Application Headers
• Patching Cadence
• Insecure Systems
• Server Software
• Desktop Software
• Mobile Software
• DNSSEC
• Mobile Application Security
• Domain Squatting

Assigned To

The user assigned to remediate the finding.

Grade

The finding grade.

This does not apply to Compromised System and User Behavior risk vectors, which are graded as N/A.

Rescan

The rescan status.

Remediations

The name of the issue(s) a finding has, details about the issue(s), and remediation instructions information if applicable.

Remediation Status

Your current progress on remediating findings.

• ↻ No Status = A finding that has never been assigned a status by a user.
• Open = A finding for review.
• To Do = A backlog of findings to remediate.
• Work In Progress = Remediation is in progress.
• Resolved = A finding you consider remediated or want to mark as remediated.
• Risk Accepted = The finding is a low priority, as it is at an acceptable level of risk.

Status History

A history of Issue Tracking changes for a finding:

• Remediation Status
• Assigned To
• Status Updated (UTC)
• Updated By

This section will not appear if the status has never been updated.

Status Updated

The date when the Remediation Status or Assigned To fields were last changed.