Risk vector grades are based on evidence of preventative implementations and/or the presence of vulnerabilities in a company’s infrastructure. When we have insufficient data to use as evidence, we assign a default risk vector grade. The threshold for what causes a default grade to be used varies by risk vector. In the case of the DKIM risk vector, a default grade of C is assigned if there are no findings (or only Neutral findings).
Why Do I Need DKIM Findings?
Without DKIM records, we cannot verify that a company is effectively preventing email from being spoofed from its domains. The default grade is set at the center of the grading scale for the purpose of computing security ratings.
An F grade is also assigned if a company's performance in the risk vector is in the top 60% of all companies in the Bitsight inventory.
If there are no findings and we are temporarily unable to collect data, the most recent grade is assigned for up to 400 days before the default grade is assigned. If the most recent grade is lower than the default grade, the default grade is assigned.