Each risk vector in the Diligence risk category is assessed and then normalized to account for company size.
Weight
The Diligence risk category accounts for 70.5% of a company’s Bitsight Security Rating. Each Diligence risk vector contributes a share of that Diligence weight, and all percentages are expressed out of the rating’s total of 100%.
Finding Grades & Risk Vector Grades
Diligence findings are graded as GOOD, FAIR, WARN, BAD, or NEUTRAL based on industry-standard criteria. An overall letter grade is calculated for the risk vector using the individual finding grades.
Example: If a company has 3 domains and each of them has an effective SPF record, their overall SPF Domains grade would be an “A.” Likewise, if all 3 domains have improperly formatted SPF records, their overall SPF Domains grade would be an “F.”
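As an added illustration of the two-step grading described above (per-domain finding grade, then a risk vector letter grade), the following Python is not Bitsight’s code and does not reproduce its published criteria: the SPF syntax checks, the point scale, the letter thresholds and the three sample records are all assumptions constructed for this example.

```python
import re

# Assumed simplified SPF checks: the page only states the grade names and the
# all-effective -> "A" / all-malformed -> "F" endpoints, not Bitsight's criteria.
MECHANISMS = {"all", "include", "a", "mx", "ip4", "ip6", "exists", "ptr"}
MODIFIERS = {"redirect", "exp"}
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:/].*)?$", re.IGNORECASE)

def grade_spf_record(record):
    """Grade one domain's SPF TXT record as GOOD, WARN, BAD or NEUTRAL (assumed criteria)."""
    if record is None:
        return "NEUTRAL"                  # no record published: nothing to grade
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "BAD"                      # improperly formatted: version tag missing
    for term in terms[1:]:
        if "=" in term:                   # modifier, e.g. redirect=_spf.example.net
            if term.split("=", 1)[0].lower() not in MODIFIERS:
                return "BAD"
            continue
        m = TERM.match(term)
        if not m or m.group(1).lower() not in MECHANISMS:
            return "BAD"                  # unknown or malformed term
    last = terms[-1].lower()
    if last in ("all", "+all"):
        return "WARN"                     # syntactically fine, but permits any sender
    if not (last.endswith("all") or last.startswith("redirect=")):
        return "WARN"                     # no terminating policy, so not effective
    return "GOOD"

GRADE_POINTS = {"GOOD": 4, "FAIR": 3, "WARN": 2, "BAD": 0}             # assumed scale
LETTERS = [(3.5, "A"), (2.5, "B"), (1.5, "C"), (0.5, "D"), (0.0, "F")]  # assumed cut-offs

def risk_vector_grade(finding_grades):
    """Roll finding grades up to one letter grade; NEUTRAL findings are skipped (assumption)."""
    points = [GRADE_POINTS[g] for g in finding_grades if g != "NEUTRAL"]
    if not points:
        return "N/A"
    avg = sum(points) / len(points)
    return next(letter for floor, letter in LETTERS if avg >= floor)

def spf_domains_grade(records):
    # SPF Domains grade for a company: one finding per domain, then the roll-up.
    return risk_vector_grade(grade_spf_record(r) for r in records.values())

# Constructed sample records for three domains of a fictitious company.
ALL_EFFECTIVE = {"example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                 "example.org": "v=spf1 mx -all",
                 "example.net": "v=spf1 redirect=_spf.example.com"}
ALL_MALFORMED = {"example.com": "spf1 ip4:192.0.2.0/24 -all",            # version tag wrong
                 "example.org": "v=spf1 includes:_spf.example.net -all", # unknown mechanism
                 "example.net": "v=spf1 redirect _spf.example.com"}      # modifier missing "="
```

Running `spf_domains_grade` over the two constructed sets reproduces the page’s two endpoints (all effective gives “A”, all malformed gives “F”); the intermediate letters come from the assumed scale only.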
Details by Risk Vector
Grading Resources
- Risk Vector Comparisons
- See lifetime by risk vector.
Remediation Resources
- A Guide to Navigating and Prioritizing Bitsight Risk Categories & Risk Vectors
- See finding messages by risk vector.
- See refresh by risk vector.
Overview by Risk Vector
- SPF Domains
- DKIM Records
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Web Application Headers
- Patching Cadence
- Insecure Systems
- Server Software
- Desktop Software
- Mobile Software
- DNSSEC
- Mobile Application Security
- Web Application Security
- Domain Squatting
Change Log
- December 1, 2023: Linked to calculation and remediation resources.
- August 17, 2023: Replaced grading details with links to risk vector overviews containing all details. Separated finding behavior to its own page.
- July 21, 2023: Added Web Application Security risk vector.