Security Score

Updated on 2023-05-16 GMT+08:00

View PDF

SA assesses the overall security of your cloud assets in real time and scores your assets based on the SA edition you are using.

This topic describes how your security score is calculated.

SA evaluates the over security posture of your assets based on the SA edition you are using.

There are five risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
The score ranges from 0 to 100. The higher the security score, the safer your assets are.
The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
The color key listed on the right of the chart shows what level each color on the chart represents. Different colors represent different risk severity levels. For example, yellow indicates that your asset risk is Medium.

The security score is updated when you refresh the status of an alarm event after the risk is handled.

NOTE:

It takes some time for a check to finish. You can refresh the page to get the new security score five minutes after you start the recheck.
After risks are fixed, you can manually ignore or handle alarm events and update the alarm event status in the alarm list. The risk severity will then be downgraded accordingly.

**Table 1** Security score table
Severity	Security Score	Description
Secure	100	Congratulations. Your assets are secure.
Informational	80 ≤ Security Score < 100	Your system should be hardened as several risks have been detected.
Low	60 ≤ Security Score < 80	Your system should be hardened in a timely manner as numerous risks have been detected.
Medium	40 ≤ Security Score < 60	Your system should be hardened ASAP. Your assets are vulnerable to attacks.
High	20 ≤ Security Score < 40	Detected risks should be handled ASAP. Your assets are vulnerable to attacks.
Critical	0≤ Security Score <20	Detected risks should be handled immediately. Your assets are likely to be attacked.

Table 2 lists the security check items and corresponding points.

**Table 2** Unscored check items
Category	Unscored Item	Points	Suggestion	Maximum Unscored Point
Compliance Check	Critical non-compliance items not fixed	10	Fix risky items that failed compliance check by referring to corresponding suggestions and start a new scan. The security score will be updated.	20
	High-risk non-compliance items not fixed	5
	Medium-risk non-compliance items not fixed	2
	Low-risk non-compliance items not fixed	0.1
Vulnerabilities	Critical vulnerabilities not fixed	10	Fix vulnerabilities by referring to corresponding suggestions and start a new scan. The security score will be updated.	20
	High-risk vulnerabilities not fixed	5
	Medium-risk vulnerabilities not fixed	2
	Low-risk vulnerabilities not fixed	0.1
Threat Alarms	Critical alarms not fixed	10	Fix the threats by referring to the suggestions and start a new scan. The security score will be updated accordingly.	30
	High-risk alarms not fixed	5
	Medium-risk alarms not fixed	2
	Low-risk alarms not fixed	0.1

Parent topic: Security Overview

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.