Info

This document covers the various scoring calculations and methods used for the Asset(s) Risk Scoring and various point systems.

...

Severity and Risk Scoring Descriptions

Severity

This indicates the seriousness or criticality of a vulnerability. Common severity levels include low, medium, high, and critical. Higher-severity vulnerabilities typically pose a greater risk and require more immediate attention and mitigation.

...

The Impact Score evaluates the potential impact of a vulnerability on the affected system or organization. It considers factors such as data loss, system compromise, service disruption, regulatory compliance impact, and financial repercuss

...

How is ‘Severity’ Calculated?

Severity information is imported from the standard vulnerability databases.  

...

In summary, the Severity score for vulnerabilities is calculated based on the Base Score, which is, in turn, calculated from the Impact and Exploitability metrics. The Severity score indicates the seriousness of a vulnerability, ranging from low to critical, based on its potential impact and ease of exploitation.

For more information, see the sources below:
https://nvd.nist.gov/vuln-metrics/cvss
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

https://www.first.org/epss/

...

How is EPSS Calculated?

You can find the general EPSS calculation at the link below:

...

https://epss.cyentia.com/epss_scores-current.csv.gz

...

Security and Compliance Report Card Grading

Info

The table values below are used for our Security Report Card and Compliance Report Card grades.

...

Security Report Card

...

Compliance Report Card

...

End of Life

ConnectSecure checks Assets and categorizes end-of-life (EOL) status in two ways:

  1. OS-OUT-OF-SECURITY-SUPPORT

  2. OS-OUT-OF-ACTIVE-SUPPORT

This is found in the Problem Group of ‘Informational’ as shown in the example below:

...

Risk Level Descriptions for EOL on Active/Security Support

Level   Description
1       Both Active and Security Support have ended; no support is available
3       If the operating system is within 1 year of its security support end date; limited support
4       If the operating system is within its Active support but past its Security support; extended support
5       If the operating system is within both Active and Security support timelines; full support

...

Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

...