The compliance score represents the percentage of individual controls assessed against individual assets that adhere to the prescribed requirements. This score is calculated based on the ratio of controls in a passed status to the total number of controls assessed against a scope of assets.
By providing this high-level score based upon the granular controls performance, the platform enables you to quickly gauge your organization's overall compliance posture and identify which controls require immediate attention to mitigate security risks.
Note
The status of controls is determined by the evaluation of the associated rules. If an asset fails a check against any rule associated with a control, that control is considered failed for that asset.
Control statuses
The compliance scoring system evaluates assets against assessment rules and assigns one of three statuses:
Passed: Asset meets compliance requirements
Failed: Asset does not meet compliance requirements
Not Assessed: Asset was not evaluated against this control
How compliance score is calculated
The formula for compliance score calculation is:
Compliance score = Passed Controls / (Passed Controls + Failed Controls) * 100%
The score is rounded up to the next whole digit and expressed as a percentage.
This formula is applied consistently across each of the four scoring levels: rule, control, category, and standard, and across all asset scopes.
Example compliance score calculation
Consider two assets A1 and A2, both assessed against two controls. While A1 passes both controls, A2 passes one control and fails one control.
The compliance score is calculated as follows:
3 passed controls / (3 passed controls + 1 failed control) * 100% = 0.75 * 100% = 75%
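The derivation of control status from rule results and the score formula above, as an added worked example (not the platform's own code): the sample rule results are constructed to reproduce the A1/A2 case, plus a Not Assessed control to show that it is excluded from the denominator, and the `scope` filter is an assumed helper for scoring a single asset or control.

```python
from collections import Counter

# Constructed sample: rule results per (asset, control).
# A1 passes both controls; A2 passes C1 and fails C2 (one failing rule).
# An empty list means no rule was evaluated -> Not Assessed.
RULE_RESULTS = {
    ("A1", "C1"): [True, True],
    ("A1", "C2"): [True],
    ("A2", "C1"): [True, True],
    ("A2", "C2"): [True, False],
    ("A2", "C3"): [],
}

def control_status(rule_results):
    """A control fails for an asset if any associated rule fails."""
    if not rule_results:
        return "Not Assessed"
    return "Failed" if any(r is False for r in rule_results) else "Passed"

def compliance_score(results, scope=None):
    """Passed / (Passed + Failed) * 100, rounded up to the next whole percent.

    Not Assessed controls are excluded. `scope` (assumed helper) is an optional
    predicate on (asset, control) so the same formula can be applied to one
    asset, one control, or the whole scope. Returns None if nothing was assessed.
    """
    selected = {k: v for k, v in results.items() if scope is None or scope(*k)}
    counts = Counter(control_status(v) for v in selected.values())
    passed, failed = counts["Passed"], counts["Failed"]
    assessed = passed + failed
    if assessed == 0:
        return None
    # Integer ceiling division avoids float artefacts such as 0.7 * 100 != 70.
    return (passed * 100 + assessed - 1) // assessed

if __name__ == "__main__":
    print("overall:", compliance_score(RULE_RESULTS))                         # 75
    print("asset A2:", compliance_score(RULE_RESULTS, lambda a, c: a == "A2"))  # 50
    print("control C2:", compliance_score(RULE_RESULTS, lambda a, c: c == "C2"))  # 50
```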