CSPM score calculation
The CSPM score is calculated by aggregating the security findings that vulnerability scanning of the cloud account discovers, using one of the two methods described below.
These risks are identified by assessing the cloud resources against default and custom compliance standards. Each compliance program is divided into controls, which are in turn mapped to Aqua CSPM plugins. Each control then reports its plugin counts together with the corresponding aggregated status: PASS, WARN, FAIL, or UNKW for unknown results.
CSPM score (in %)= (Number of passing results/Total number of results) * 100
As the scan results are processed, the severity of each risk determines how much it affects the final score. The idea is that a large number of low-severity FAIL results should not skew the score as much as failures of higher severity. The weights are currently fixed.
CSPM score (in %) = 100 * (
    (40% * (Number of passing critical results / Total number of critical results))
  + (30% * (Number of passing high results / Total number of high results))
  + (20% * (Number of passing medium results / Total number of medium results))
  + (10% * (Number of passing low results / Total number of low results)) )
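The two formulas above, implemented side by side so the effect of the severity weights can be seen on the same set of results. This is an added example, not Aqua's code; it assumes that only PASS counts as a passing result (WARN, FAIL and UNKW count toward the total only) and that a severity band with no results contributes its full weight, neither of which the page states. The result sets are constructed.

```python
from dataclasses import dataclass

# Fixed severity weights quoted on the page (fractions of the final score).
SEVERITY_WEIGHTS = {"critical": 0.40, "high": 0.30, "medium": 0.20, "low": 0.10}

@dataclass(frozen=True)
class Result:
    plugin: str
    severity: str  # critical | high | medium | low
    status: str    # PASS | WARN | FAIL | UNKW

def _passing(results):
    # Assumption: only PASS counts as passing; WARN, FAIL and UNKW all count
    # toward the total but not toward the passing count.
    return sum(1 for r in results if r.status == "PASS")

def unweighted_score(results):
    """Page's first formula: passing results / total results, in percent."""
    return 100.0 * _passing(results) / len(results) if results else 0.0

def weighted_score(results):
    """Page's second formula: per-severity pass ratios, weighted 40/30/20/10.
    Assumption (not stated on the page): a severity band with no results
    contributes its full weight, i.e. an empty band cannot lower the score."""
    if not results:
        return 0.0
    total = 0.0
    for severity, weight in SEVERITY_WEIGHTS.items():
        band = [r for r in results if r.severity == severity]
        ratio = _passing(band) / len(band) if band else 1.0  # assumption
        total += weight * ratio
    return 100.0 * total

def make_results(counts):
    """Build a constructed result list from {(severity, status): count}."""
    return [Result(f"plugin-{sev}-{i}", sev, status)
            for (sev, status), n in counts.items() for i in range(n)]

# Constructed sample 1: everything passes except 8 of 10 low-severity checks.
MANY_LOW_FAILS = make_results({("critical", "PASS"): 2, ("high", "PASS"): 3,
                               ("medium", "PASS"): 5, ("low", "PASS"): 2,
                               ("low", "FAIL"): 8})
# Constructed sample 2: a single critical FAIL, every other check passes.
ONE_CRITICAL_FAIL = make_results({("critical", "FAIL"): 1, ("high", "PASS"): 3,
                                  ("medium", "PASS"): 5, ("low", "PASS"): 10})

if __name__ == "__main__":
    for name, res in (("many low FAILs", MANY_LOW_FAILS),
                      ("one critical FAIL", ONE_CRITICAL_FAIL)):
        print(f"{name}: unweighted {unweighted_score(res):.1f}%, "
              f"weighted {weighted_score(res):.1f}%")
```

With the first sample the unweighted score drops to 60% while the weighted score stays at 92%; with the second the unweighted score is about 94.7% but the single critical failure pulls the weighted score down to 60%.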
The method used to calculate the score can be configured on the CSPM site; it is currently located under Settings -> Security, as Compliance Grade Calculation Type.
The calculated numerical score is between 0 and 100 and then is mapped to a letter grade using the table below.
Factors lowering the CSPM score