Table of Contents
- How is the framework score calculated?
- What dictates whether a framework control score is unmet?
How is the Framework Score calculated?
The framework score is a weighted average of mapped control scores. Primary controls are weighted more heavily than supporting controls in the calculation. Depending on the mapping, there may be zero, one, or many ProcessUnity Global Risk Exchange (formally CyberGRX) controls for every Framework control. The score returns a value between 0% - 100% (high risk to low risk.)
The source (attested or predicted) and the answer are the contributing control score factors. The chart below shows the possible scores our analytics algorithm may assign a given control based on the response provided or predicted.
Note: We have retired assessment Tiers. Here's how the legacy Tiers would translate to the current frameworks available.
Tier 2: ProcessUnity Cyber Risk Questionnaire framework
Tier 2V: ProcessUnity Cyber Risk Questionnaire framework with Validate Applicable Critical Controls required
Tier 1: ProcessUnity Cyber Risk Questionnaire framework with Validate Applicable Critical Controls and Metric Answers required
What dictates whether a framework control is unmet?
Any framework control with a score less than 60 is considered a control that is unmet, or is at risk, and will be displayed as such in the visuals.