Each risk vector in the Diligence risk category is assessed and then normalized to account for company size. See how security ratings are calculated.
Weight
The Diligence risk category accounts for 70.5% of a company’s Bitsight Security Rating. Each Diligence risk vector is accounted for in the total Diligence weight. The percentage is out of the total 100% of the rating.
Finding Grades & Risk Vector Grades
Diligence findings are graded as GOOD, FAIR, WARN, BAD, or NEUTRAL based on industry-standard criteria. An overall letter grade is calculated for the risk vector using the individual finding grades.
Example: If a company has 3 domains and each of them has an effective SPF record, their overall SPF Domains grade would be anA. Likewise, if all 3 domains have improperly formatted SPF records, their overall SPF Domains grade would be anF.
Details by Risk Vector
Grading Resources
- Risk Vector Comparisons
- See lifetime by risk vector.
Remediation Resources
- A Guide to Navigating and Prioritizing Bitsight Risk Categories & Risk Vectors
- See finding messages by risk vector.
- See rescan by risk vector.
Overview by Risk Vector
- SPF Domains
- DKIM Records
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Web Application Security
- Patching Cadence
- Insecure Systems
- Server Software
- Desktop Software
- Mobile Software
- DNSSEC
- Mobile Application Security
- Web Application Headers
- DMARC
- Domain Squatting
- December 1, 2023: Linked to calculation and remediation resources.
- August 17, 2023: Replaced grading details with links to risk vector overviews containing all details. Separated finding behavior to its own page.
- July 21, 2023: Added Web Application Security risk vector.
Feedback
0 comments
Please sign in to leave a comment.