Link Search Menu Expand Document
OpenRMF Professional Help

Generating Your Cyber Readiness Scores

From the System Package dashboard you can click the Documentation menu near the top right and choose the Cyber Readiness menu option. This takes you to the Cyber Readiness screens for your system package, showing scores and settings as well as your overall ratings per area.

System Package Cyber Readiness Menu

Introduction

Your Cyber Readiness scores (sometimes in US federal government referred to as Command Cyber Readiness Inspection or CCRI) are weighted scores to show your risk tolerance and overall risk score based across sets of data. The cyber readiness scores are used to determine cyber hygiene and health. Sometimes the scores are used to determine if you are allowed to stay live and connected as well!

The weights are set per type of vulnerability in 1 of the 3 categories in OpenRMF® Professional for checklists, devices/patches, and other technologies (software, containers, etc.). And then there are 4 groupings for an overall rating in that particular area.

General Cyber Readiness Score Calculations

The scores are calculated based on your specified weights per type of data (checklist, patch, technology). Then the overall score is matched against your Excellent / Good / Poor / Fail type of scale based on minimum score, maximum score, and maximum critical vulnerabilities (if specified). You can specify different weights for the type and severity of the data. And then based on your 4 rating specifications, the overall score is shown with the data. The settings are shown at the end of this area below.

In general, the calculations are performed like this:

  • the number of critical vulnerabilities for each source (device, project) are multiplied by the critical weight number for that particular vulnerability severity
  • the number of high vulnerabilities for each source (checklist, device, project) are multiplied by the critical weight number for that particular vulnerability severity
  • the number of medium vulnerabilities for each source (checklist, device, project) are multiplied by the critical weight number for that particular vulnerability severity
  • the number of low vulnerabilities for each source (checklist, device, project) are multiplied by the critical weight number for that particular vulnerability severity
  • the Readiness Score on each line is calculated by taking the totals mentioned above and dividing by the SUM of all the weights for that category of data

For example if you had 1 checklist that had 2 high, 3 medium, and 5 low open vulnerabilities using the default cyber readiness weight settings:

(2 high * weight of 7.0) + (3 medium * weight of 4.0) + (5 low * weight of 1.0)
/
sum of weights (7.0 + 4.0 + 1.0)

For this checklist, the readiness score would be (14 + 12 + 5) / 12 = 2.58.

To get a total for the checklists, you would add up all of the individual scores like above, and then divide by the number of checklists or hosts within that system package, depending on your system package preferences.

Overall Cyber Readiness Rating

The overall cyber readiness rating will use the total calculations for that area, and then compare them to the 4 ratings allowed based on the score and maximum critical vulnerabilities allowed. (For checklists, it is the maximum number of High vulnerabilities allowed).

For each section, there is a calculated total cyber readiness score based on your most recent data for the areas being viewed. The rating is shown in decimal form and color coded to match the settings. The ratings show the label and color, background color, as well as the minimum and maximum score allowed and maximum critical items.

System Package Cyber Readiness Checklists

Checklist / Compliance Readiness

Your list of all checklists for your system package are shown, and for each one the checklist and compliance weights (High, Medium, Low) are shown with a total score per checklist. For the overall readiness score, the individual checklist scores are added together and divided by the total number of checklists in your system package.

System Package Cyber Readiness Checklists

Patch Vulnerability Readiness

Your list of all devices for your system package are shown, and for each one the patch weights (Critical, High, Medium, Low) are shown with a total score per device. For the overall readiness score, the individual device scores are added together and divided by the total number of devices in your system package.

System Package Cyber Readiness Devices

Technology Vulnerability Readiness

Your list of all technology projects (category/source/project) for your system package are shown, and for each one the patch weights (Critical, High, Medium, Low) are shown with a total score per project. For the overall readiness score, the individual project scores are added together and divided by the total number of projects in your system package.

System Package Cyber Readiness Technology

Exporting Your Cyber Readiness Scores

Note that the spreadsheet has multiple sheets or tabs at the bottom. This shows grouping checklist cyber readiness data by host and by checklist type. It also shows grouping patch cyber readiness data by operating system. And the technology readiness by category and source as well.

System Package Cyber Readiness Export

Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!SM