Compliance Score


Compliance scores are values that indicate the total weight of all findings for non-compliant checks. You can view an overall compliance score on the Compliance Overview page, or resource-specific scores on individual projects, OUs, accounts, compliance checks, and compliance standards. This gives you a quick way to evaluate which resources most urgently need your attention to restore compliance. A lower score is better, and a score of 0 means no compliance issues have been found for that resource.

Calculating Compliance Scores

Each compliance check you create allows you to select a Severity, as seen in Add a Compliance Check. Each compliance check can have multiple findings.

Each severity has a designated weight that is used to calculate the score. By default, these weights are:

  • Critical severity = 10
  • High severity = 6
  • Medium severity = 3
  • Low severity = 2
  • Informational = 1

These weights can be customized to create a compliance score that is accurate to your unique compliance goals and chosen industry metrics. To customize severity weights, see Compliance Settings.

The severity score is calculated by multiplying the number of findings for each check by that check's severity weight, then adding all of the totals together. For example:

Check A has a severity of Critical and 5 current findings. 5 findings * 10 weight = 50

Check B has a severity of High and 2 current findings. 2 findings * 6 weight = 12

Check C has a severity of Medium and 4 current findings. 4 findings * 3 weight = 12

Check D has a severity of Low and 1 current finding. 1 finding * 2 weight = 2

Check E has a severity of Informational and no current findings. 0 findings * 1 weight = 0

50 + 12 + 12 + 2 + 0 = Compliance score of 76.

Compliance scores depend on context (for example, whether you're viewing a project or an OU). For a project or OU, factors include which compliance checks are associated with that resource (whether applied locally or inherited), as well as the accounts associated with the resource. As a result, the compliance score for a top-level OU is likely to be much higher than that of a project.

Viewing Compliance Scores

You can learn where to view compliance scores on the following pages: