How is the Diligence Risk Category Calculated?

Ingrid

Each risk vector in the Diligence risk category is assessed and then normalized to account for company size. See how security ratings are calculated.

Weight

The Diligence risk category accounts for 70.5% of a company's Bitsight Security Rating. Each Diligence risk vector is accounted for in the total Diligence weight. The percentage is out of the total 100% of the rating.

Finding Grades & Risk Vector Grades

Diligence findings are graded as GOOD, FAIR, WARN, BAD, or NEUTRAL based on industry-standard criteria. An overall letter grade is calculated for the risk vector using the individual finding grades.

Example: If a company has 3 domains and each of them has an effective SPF record, their overall SPF Domains grade would be an A. Likewise, if all 3 domains have improperly formatted SPF records, their overall SPF Domains grade would be an F.

Details by Risk Vector

Grading Resources

Risk Vector Comparisons
See lifetime by risk vector.

Remediation Resources

A Guide to Navigating and Prioritizing Bitsight Risk Categories & Risk Vectors
See finding messages by risk vector.
See rescan by risk vector.

Overview by Risk Vector

SPF Domains
DKIM Records
TLS/SSL Certificates
TLS/SSL Configurations
Open Ports
Web Application Security
Patching Cadence
Insecure Systems
Server Software
Desktop Software
Mobile Software
DNSSEC
Mobile Application Security
Web Application Headers
DMARC
Domain Squatting

December 1, 2023: Linked to calculation and remediation resources.
August 17, 2023: Replaced grading details with links to risk vector overviews containing all details. Separated finding behavior to its own page.
July 21, 2023: Added Web Application Security risk vector.