- September 11, 2023: Separated finding messages.
- April 19, 2023: 2023 RAU weight adjustment.
- October 20, 2021: Ratings Algorithm Update 2021.
The Insecure Systems risk vector assessment is based on the supported/unsupported status and the level of risk that has been introduced to an organization.
Field | Description | Details & Values
---|---|---
Finding Behavior | How findings behave, depending on the action taken. | New findings immediately impact the grade.
Lifetime | The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period. | 60 Days
No Findings | The letter grade if there are no findings for this risk vector. | The rating is positively impacted if there are no findings for this risk vector.
Refresh | The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., when Diligence findings are newly observed or an existing finding has been remediated. |
Automated Scan Duration | The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations. | Daily
User-Requested Refresh Duration | The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated. | Not Available
Weight | Out of 70.5% in Diligence. | 2.5%
Evaluation
Insecure Systems findings are evaluated as WARN, BAD, or NEUTRAL. An overall letter grade is calculated, using the evaluations of individual findings. See finding messages: