Compromised Systems
The lifetime of Compromised Systems risk vectors is 180 days.
Diligence
Risk Vector | Lifetime |
---|---|
SPF Domains | 60 Days |
DKIM Records | 60 Days |
TLS/SSL Certificates | 60 Days |
TLS/SSL Configurations | 60 Days |
Open Ports | 60 Days |
Web Application Headers | 60 Days |
Patching Cadence | 90 Days |
Insecure Systems | 60 Days |
Server Software | 60 Days |
Desktop Software | 65 Days |
Mobile Software | 65 Days |
DNSSEC | 60 Days |
Mobile Application Security | 1 Year |
Web Application Security | 60 Days |
DMARC | 60 Days |
Domain Squatting | Not applicable |
User Behavior
Risk Vector | Lifetime |
---|---|
File Sharing | 60 Days |
Exposed Credentials | Not applicable |
Public Disclosures
Security Incident – Ratings-impacting events have a 120-day half-life starting from the effective date. The impact is reduced by half after 120 days and then continues to diminish steadily. An individual event stops impacting the rating completely after 2 years.
Other Disclosures – Not applicable.
- July 10, 2024: The Patching Cadence lifetime is 90 days.
- January 31, 2024: The Patching Cadence lifetime is subject to change for the 2024 RAU.
- December 12, 2023: Incorporated the 2-year lifetime from RAU 2023 for Security Incidents.
Feedback
2 comments
You need to update the lifetime on Patching - thanks
We will update the documentation on Patching Cadence lifetime when the 2024 Ratings Algorithm Update goes into effect - ETA July 10.