- December 8, 2023: Updated icons.
- June 9, 2021: Linked to Bitsight Academy.
- November 14, 2019: Published.
Self-published companies consist of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight. A self-published rating has its own Bitsight Security Rating Report. Self-published companies:
- Communicate the most relevant company information.
- Enhance risk management processes for consumers of ratings.
- Separate business units within a company. A company may want to communicate differences in services and associated Security Ratings to ratings consumers.
Example: Some companies loan out hardware or IP addresses to their customers, such as service providers (Amazon AWS, Rackspace). These types of companies may want to communicate these separated assets to provide clarity between the company’s security rating and the activities of its customers.
- Communicate network segmentation of corporate Wi-Fi networks, guest Wi-Fi networks, and other various levels of control. The advantages of using a self-published company over annotations in this situation include access to ongoing monitoring, rating change alerts, and all the other benefits of a full security rating report. However, annotations (or tags) are an invaluable asset for response teams and should still be used accordingly.
- Publishers can choose to highlight one of the self-published companies in a ratings bundle as that curated company's primary.
- Subscribers may choose to purchase a subscription to it; like any other company, it then appears in the portfolio. The report is read the same way as any other company report.
The creation of self-published reports does not change the rating or letter grades of the original Bitsight curated company, unless additional IPs or domains are provided in the process of creating the self-published company. Those new IPs and domains are included in the Bitsight curated parent company. The self-published report is based on a subset of the parent infrastructure. Any events that occur on self-published reports continue to affect the parent Bitsight report. Creating self-published reports simply provides a more accurate representation of a company’s security posture.
Self-published companies do not need to be publicly visible; you may request to create self-published companies that are only visible to users within your organization. Private self-published companies do not appear in searches performed by other companies.
Privately published companies are created by an organization for internal use and are not available for other organizations to monitor. Creating private self-published companies is an excellent way to monitor the security rating of your company’s divisions, offices, business units, and other hierarchies without publicly disclosing them by name.
A private status for the rating is indicated in the Ratings Tree with the following Private indicator:
To view all self-published companies in a Ratings Tree, select both the Private and Self-Published filters. A private company is still a self-published company, but is labeled differently – and thus filtered differently.