Issue Tracking: Asset Risk Matrix Ingrid The Asset Risk Matrix in the Issue Tracking of the Security Posture Management application [ Findings ➔ Issue Tracking] assesses the importance of individual assets (hostname/domain and IP addresses) and severity of associated security findings. It includes findings that were observed within the last 60 days.Available for your My Company and SPM Subsidiaries.Not applicable to Mobile Application Security assets.Use the Asset Risk Matrix as part of your remediation strategy and quickly assess the importance of individual assets (asset importance) and severity of associated security findings (finding severity). Click on the cells to look into the presented findings.Findings can change location in the Asset Risk Matrix due to a change in their asset importance or finding severity, which are recalculated daily.If the card is not available, use the Edit Dashboard button at the top-right to add the Asset Risk Matrix card.Asset Importance (Vertical Axis)The vertical axis in the Asset Risk Matrix features asset importance, which estimates the importance of the underlying IP or domain/host to the organization. Set your own importance on any asset to replace the Bitsight-calculated importance.Asset Importance of a 3x3 Matrix Low Medium/High Critical Asset Importance of a 4x4 Matrix Low Medium High Critical Finding Severity (Horizontal Axis)The horizontal axis in the Asset Risk Matrix features finding severity, which measures the amount of risk that a given security finding introduces.The categories vary depending on the size of the matrix.Finding Severity of a 3x3 MatrixFinding severity categories if the Asset Risk Matrix is configured to a 3x3 matrix: Finding Severity Risk Type Finding Grade Minor Diligence findings. GOOD NEUTRAL FAIR Moderate Diligence findings. WARN Material/Severe Compromised Systems N/A Diligence findings. BAD File Sharing findings. N/A Finding Severity of a 4x4 MatrixFinding severity categories if the Asset Risk Matrix is configured to a 4x4 matrix: Severity Risk Type Finding Grade Minor Diligence findings. GOOD NEUTRAL FAIR Moderate Diligence findings. WARN Material Potentially Exploited findings. N/A Diligence findings, including: SPF Domains DKIM Records TLS/SSL Certificates Web Application Headers Server Software Desktop Software Mobile Software BAD File Sharing findings. N/A Severe Compromised Systems findings, including: Botnet Infections Spam Propagation Malware Server Unsolicited Communications N/A Diligence findings, including: TLS/SSL Configurations Open Ports Insecure Systems BAD OptionsSelect the Options button at the top-right to configure the Asset Risk Matrix card or save an image of the card.Configure Card Title: Rename this card to distinguish multiple Asset Risk Matrix cards. Remediation Status: Filter assets by remediation status. Finding Grade: Filter assets by finding grade. Save as ImageSave the card as an image (PNG) to share with your peers and stakeholders.CustomizationGo to the Asset Risk Matrix Preferences section of the User Preferences tab in your Account page [ Settings ➔ Account].Only Admin can customize the Asset Risk Matrix. See permissions. Configure the matrix into 3 or 4 columns and rows. A 4x4 matrix is especially useful for organizations with a large number of findings. Customize the color palette. Choose between: Stoplight Colors (red, orange, yellow, green) Bitsight Gradient (shades of violet) Updates made to Asset Risk Matrix customization apply to all users on the account.The categories vary depending on the size of the matrix.Finding Severity of a 3x3 MatrixFinding severity categories if the Asset Risk Matrix is configured to a 3x3 matrix: Finding Severity Risk Type Finding Grade Minor Diligence findings. GOOD NEUTRAL FAIR Moderate Diligence findings. WARN Material/Severe Compromised Systems N/A Diligence findings. BAD File Sharing findings. N/A Finding Severity of a 4x4 MatrixFinding severity categories if the Asset Risk Matrix is configured to a 4x4 matrix: Severity Risk Type Finding Grade Minor Diligence findings. GOOD NEUTRAL FAIR Moderate Diligence findings. WARN Material Potentially Exploited findings. N/A Diligence findings, including: SPF Domains DKIM Records TLS/SSL Certificates Web Application Headers Server Software Desktop Software Mobile Software BAD File Sharing findings. N/A Severe Compromised Systems findings, including: Botnet Infections Spam Propagation Malware Server Unsolicited Communications N/A Diligence findings, including: TLS/SSL Configurations Open Ports Insecure Systems BAD March 19, 2026: Security Posture Management rebrand. January 3, 2025: Linked to permissions. October 28, 2024: Issue Tracking navigation instructions moved from Dashboards to Findings. September 6, 2022: New Options section with instructions for configuring the card and saving the matrix as an image. Related articles Finding Severity Asset Importance Finding Behavior TLS/SSL Finding Remediation & Remediation Verification How is the Web Application Headers Risk Vector Assessed? Feedback 0 comments Please sign in to leave a comment.