Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

TLS/SSL Certificates Risk Vector

Avatar
Ingrid
Follow
  • August 16, 2023: New Grading & Finding Behavior sections.
  • May 11, 2020: Updated description.

⇤ Diligence Risk Category

The TLS/SSL Certificates risk vector evaluates the strength and effectiveness of the cryptographic keys within TLS and SSL certificates, which are used to encrypt internet traffic. Certificates are responsible for verifying the authenticity of company servers to associates, clients, and guests, and also serves as the basis for establishing cryptographic trust.

See data collection methods.

Risks

When communications are not properly secured or encrypted, traffic sent to the host are unencrypted. Personal customer or employee information, including passwords, can become publicly visible to observers and may lead to data breaches.

Grading

See how the TLS/SSL Certificates risk vector is graded.

Concept Behavior
Lifetime 60 Days
No Findings

– “C” Letter Grade

Some findings cannot be traced back to specific companies due to the use of third party systems; such as web filters and Content Delivery Networks (CDN), that are capable of redirecting and encapsulating network traffic. Some firewalls might also be detecting and blocking external data gathering tools from getting any data. This is set in the center of the grading scale for computing into Bitsight Security Ratings.

If there are no findings and we are temporarily unable to collect data, the most recent grade is assigned for up to 400 days before being assigned the default grade.

Weight

(Out of 70.5% in Diligence)

 10%

Remediation

Review TLS/SSL Certificate findings.

Finding Behavior

Concept Behavior
Refresh

Automated: 60 Days

User-Requested: 3 Days
Remediated

A new finding is created and the old one needs to complete its lifetime.

  • New findings: Immediately impacts the grade and is assigned its lifetime.
  • Remediated findings:
    • Newest finding: Improves the grade and impacts the grade for 60 days, as it completes its lifetime.
    • Previous finding: Continues to impact the grade for its remaining lifetime (up to 60 days).

Findings with a certificate serial number identical to the previous record are considered to be the same finding. If the serial number is new, the previous finding will have an Asset Not Reached refresh status.

Related articles