The composite risk score is calculated for one or more assets against the SCAP benchmarks.
The composite risk scores for a single asset against a single benchmark is calculated in the following manner:
All rules that have failed for an asset. In such case, all the rules have risk scores ranging from 0-10. You can ignore the rules whose result value is Not Applicable.
All rules that have passed but have the risk scores ranging from 0-10.
These rules have passed because they are exempted.
Calculate average of the risk scores for all the rules.
Exclude the risk score that has the result value as Not Applicable for the failed rules
The composite risk scores for multiple assets against a single benchmark is calculated in the following manner:
Calculate the risk score of the benchmark for every single asset.
Take average of the risk scores.
If there are multiple runs of a benchmark against an asset then consider the latest run
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.