Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

GET: Static Data

Avatar
Ingrid
Follow
  • April 1, 2021: Added name and description fields for rating_ranges.
  • March 8, 2021: Published.

⇤ Endpoints

https://api.bitsighttech.com/ratings/v1/defaults

Get static Bitsight data, such as:

  • Rating category ranges.
  • Bitsight risk vectors.
  • The Bitsight platform color schemes.

Example Request

curl https://api.bitsighttech.com/ratings/v1/defaults -u api_token:

Example Response

{
  "subscription_types":[
    {
      "duration":30,
      "api_key_name":"vendor-selection",
      "display_name":"Vendor Selection",
      "name":"vendor_selection_30_days"
    }
    […]
  ],
  "vendor_access_request_reasons":[
    {
      "description":"Provides general awareness of Bitsight and Bitsight Security Ratings.",
      "slug":"informational",
      "name":"Informational"
    }
    […]
  ],
  "filter_order":[
    […]
  ],
  "risk_vectors":{
    "color_by_grade":{
      "A":"#2c4d7f"
      […]
    },
    "details_by_name":{
      "Web Application Headers":{
        "category":"Diligence",
        "impact":"medium",
        "slug":"application_security",
        "order":11,
        "beta":false,
        "refreshable":true,
        "id":"http_headers"
      }
      […]
    }
  },
  "relationship_types":[
    {
      "api_key_name":"vendor",
      "display_name":"Vendor"
    }
    […]
  ],
  "public_disclosure_categories":[
    {
      "subcategories":[
        "Fraud"
      ],
      "slug":"other",
      "name":"Other Disclosure"
    }
    […]
  ],
  "vendor_action_plan_names":{
    "3":[
      "escalate"
    ]
    […]
  },
  "rating_ranges":{
    "basic":{
      "color":"#b24053",
      "max":640,
      "min":250,
      "name":"Basic",
      "description":"Companies with Bitsight Security Ratings in the Basic Rating category have lower Security Ratings, and thus an increased likelihood of data breach. Organizations in this category typically have not implemented best practice IT security policies and procedures, demonstrate evidence of compromised systems on their network, and provide the greatest risk. Basic companies are, on average, 2 - 3x more likely to get breached than Intermediate companies, and companies with a rating of 400 or lower were 5x more likely to experience a publicly disclosed data breach than companies with a security rating of 700 or higher."
    }
    […]
  },
  "roles":[
    {
      "presentation":"Portfolio Manager",
      "slug":"customer_portfolio_manager"
    }
    […]
  ],
  "risk_categories":[
    "Compromised Systems"
    […]
  ],
  "nist_categories":[
    {
      "function":"Detect",
      "name":"Security Continuous Monitoring",
      "nist_category_code":"DE.CM",
      "order":8,
      "guid":"ac71bb98-bb81-4587-8963-c6e69ebbe32e",
      "id":"security-continuous-monitoring"
    }
    […]
  ]
}

Response Attributes

Field Description 
subscription_types
Array		 Supported subscriptions.
  Object A subscription’s details.
  
duration
Integer [days]		 If the subscription is time-limited, this is the active duration. 
api_key_name
String		 The slug name of the subscription. 
display_name
String		 The name of the subscription, as displayed in the Bitsight platform. 
name
String		 The internal Bitsight name of the subscription. 
vendor_access_request_reasons
Array		 Reasons for collaboration via the Enable Access Program.
  Object A collaboration reason’s details.
  
description
String		 A description of the collaboration reason. 
slug
String		 The slug name of the collaboration reason. 
name
String		 The name of the collaboration reason, as displayed in the Bitsight platform. 
filter_order
Array		 The ordered list of portfolio filters, as displayed in the Bitsight platform. 
risk_vectors
Object		 Non-informational risk vectors.
  
color_by_grade
Object		 Letter grade colors, as displayed in the Bitsight platform.
  Letter Grade
String		 The color hex code for this letter grade. 
details_by_name
Object		 Defaults by risk vector.
  Risk Vector
Object		 Defaults for this risk vector.
  
category
String		 The risk category of this risk vector. 
impact
String		 The impact of this risk vector on the rating, as conveyed by the Peer Analytics Risk Vector Gap Analysis. 
slug
String		 The slug name of this risk vector. 
order
Integer		 The order of this risk vector among all risk vectors, as displayed in the Bitsight platform. 
beta
Boolean		 true = This risk vector is currently in beta. Therefore, it does not impact the rating. 
refreshable
Boolean		 true = Findings for this risk vector can be refreshed. 
id
String		 The unique string ID of this risk vector. 
relationship_types
Array		 Company relationship details.
  Object A company relationship’s details.
  
api_key_name
String		 The API key name of this relationship type. 
display_name
String		 The name of this company relationship. 
public_disclosure_categories
Array		 Public Disclosure incident category details. See:
  Object An incident category’s details.
  
subcategories
Array		 Incident types within this incident category. 
slug
String		 The slug name of this incident category. 
name
String		 The name of this incident category. 
vendor_action_plan_names
Object		 The slug name of each action plan.
  Integer
Array		 Distinct and configured action plans. 
rating_ranges
Object		 Rating category details.
  Rating Category
Object		 Details of this rating category.
  
color
String		 The color hex code of this rating category, as depicted in the Bitsight platform. 
max
Integer		 The maximum rating range of this rating category (<). 
min
Integer		 The minimum rating range of this rating category (≥). 
name
String		 The name of this rating category. 
description
String		 Why companies are in this rating category. 
roles
Array		 User role details.
  Object A user role’s details.
  
presentation
String		 The name of this user role. 
slug
String		 The API key name of this user role. 
risk_categories
Array		 Risk categories. 
nist_categories
Array		 Bitsight NIST CyberSecurity Frame Report (NIST CSF report) details.
  Object A NIST category’s details.
  
function
String		 The high-level function of this NIST category, which is supported by Bitsight risk vectors. 
name
String		 The name of this NIST category. 
nist_category_code
String		 The subcategory code. 
order
Integer		 The order of this NIST category within the report. 
guid
String [NIST_guid]		 The unique identifier of this NIST category. 
id
String		 Category identification.

Related articles