The Compliance Score is a vital indicator of your adherence to various standards and regulations. Behind the scenes, a sophisticated calculation process determines this score, ensuring accuracy and reliability.
Data Collection and Aggregation
The first step in calculating your Compliance Score involves gathering data from all cloud accounts connected to OpsCompass. This data encompasses a wide range of parameters, including configuration settings, security policies, and resource usage.
Benchmarking Against Compliance Frameworks
Once the data is collected, it's benchmarked against relevant compliance frameworks. These frameworks serve as a reference point, outlining the standards and regulations that organizations must comply with. Compliance frameworks used include NIST, FedRAMP, and the CIS benchmarks.
Scoring Algorithm
The heart of the calculation lies in the scoring algorithm. This algorithm analyzes the collected data in depth, assigning numerical values based on the degree of compliance with each framework. Factors such as rule violations, misconfigurations, and security gaps are considered during this process. Specifically, the calculation does the following:
- Calculates weighted checks by multiplying the number of checks by the high-severity multiple; this gives the weighted impact of the checks on the final score.
- Calculates total weight by adding the weighted checks to the combined weight of the severity issues.
- Normalizes the score so that the final score is proportional to the weighted checks relative to the severity issues.
- Scales the normalized value to the 0 - 1600 range, producing the final compliance score.
Score Breakdown
On the dashboard, the overall compliance score is generated by examining all the cloud accounts you have attached to OpsCompass and benchmarking them against the compliance frameworks you are being scored against. The scoring breakdown is below.
OpsCompass scores your environment from 0 to 1600; the ranges break down as follows:
1550 - 1600: Exceptional
1490 - 1549: Very Good
1300 - 1489: Good
1155 - 1299: Okay
1001 - 1154: Fair
0 - 1000: Poor
Users can explore different segments of the graph to gain insights into their compliance performance.
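The following is an added worked example (not OpsCompass's own code) that walks through the four steps listed under "Scoring Algorithm" and then maps the result onto the "Score Breakdown" bands. The high-severity multiple, the per-severity weights, the exact normalization formula, and the sample account data are all assumptions made for illustration, since the page does not publish the real constants; only the 0 - 1600 range and the band boundaries come from the page.

```python
from __future__ import annotations

# ASSUMPTION: placeholder constants, not OpsCompass's real values.
HIGH_SEVERITY_MULTIPLE = 3.0
SEVERITY_WEIGHT = {"high": 3.0, "medium": 2.0, "low": 1.0}
MAX_SCORE = 1600  # from the page: scores run 0 - 1600

# (lower bound, upper bound, label) exactly as listed under "Score Breakdown".
BANDS = [
    (1550, 1600, "Exceptional"),
    (1490, 1549, "Very Good"),
    (1300, 1489, "Good"),
    (1155, 1299, "Okay"),
    (1001, 1154, "Fair"),
    (0, 1000, "Poor"),
]

# Constructed sample: check counts and issue severities per connected account.
# Not real OpsCompass data.
SAMPLE_ACCOUNTS = {
    "aws-prod":  {"checks": 60, "issues": ["high"] * 6 + ["medium"] * 3 + ["low"] * 12},
    "azure-dev": {"checks": 40, "issues": ["high"] * 4 + ["medium"] * 2 + ["low"] * 8},
}


def weighted_checks(num_checks: int) -> float:
    """Step 1: number of checks times the high-severity multiple."""
    return num_checks * HIGH_SEVERITY_MULTIPLE


def severity_issue_weight(issues: list[str]) -> float:
    """Combined weight of the severity issues; an unknown severity raises KeyError."""
    return sum(SEVERITY_WEIGHT[sev] for sev in issues)


def total_weight(num_checks: int, issues: list[str]) -> float:
    """Step 2: weighted checks plus the combined weight of the severity issues."""
    return weighted_checks(num_checks) + severity_issue_weight(issues)


def normalized_score(num_checks: int, issues: list[str]) -> float:
    """Step 3 (ASSUMPTION on the exact formula): the share of the total weight
    contributed by the checks. 1.0 means no issues; the value falls toward 0
    as issue weight grows. Zero checks means nothing was scanned, so 0.0."""
    total = total_weight(num_checks, issues)
    if total == 0:
        return 0.0
    return weighted_checks(num_checks) / total


def compliance_score(num_checks: int, issues: list[str]) -> int:
    """Step 4: scale the normalized value to 0 - 1600 and round to a whole score."""
    return round(normalized_score(num_checks, issues) * MAX_SCORE)


def band_for(score: int) -> str:
    """Map a score onto the label from the Score Breakdown table."""
    for low, high, label in BANDS:
        if low <= score <= high:
            return label
    raise ValueError(f"score {score} is outside 0 - {MAX_SCORE}")


def score_environment(accounts: dict) -> tuple[int, str]:
    """Aggregate every connected account first, then score, as the dashboard does."""
    num_checks = sum(acct["checks"] for acct in accounts.values())
    issues = [sev for acct in accounts.values() for sev in acct["issues"]]
    score = compliance_score(num_checks, issues)
    return score, band_for(score)


if __name__ == "__main__":
    score, label = score_environment(SAMPLE_ACCOUNTS)
    print(f"Compliance score: {score} ({label})")
```

With the placeholder constants, 100 checks across the two sample accounts and 35 issues (10 high, 5 medium, 20 low) normalize to 300 / 360 and scale to 1333, which lands in the "Good" band; the same 100 checks with no issues score 1600. The band lookup is inclusive at both ends and the bands are contiguous over whole numbers, so every integer from 0 to 1600 maps to exactly one label.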
Licensing Data Exclusion
The calculation of the Compliance Score does not include licensing data. This deliberate exclusion ensures that the score remains focused on relevant compliance metrics, providing users with actionable insights without unnecessary complexity.
Conclusion
The Compliance Score in OpsCompass is more than just a number; it's the result of a comprehensive and rigorous calculation process. By understanding how this score is calculated, users can gain deeper insights into their compliance status and take proactive steps to improve it.
Note: You can turn rules on or off for specific cloud accounts if needed. Go to Admin -> Manage Accounts and click to enable or disable scanning for each account.