Question 1

What signals are factored into the risk score?

Accepted Answer

The composite risk score combines four independent signals: CVE exposure (CVSS scores of known vulnerabilities on the device's firmware), compliance gaps (failed controls across NIS2, ISO 27001, PCI-DSS, and CIS), configuration drift (distance from the hardened baseline), and access control weaknesses (open management ports, weak credentials, ACL gaps). Each signal is weighted and the result is a single 0 to 100 score per device.

Question 2

How is the score different from a raw CVSS score?

Accepted Answer

A CVSS score only reflects the severity of a single vulnerability in isolation. The ConnectMyAssets risk score is device-wide and reflects the full exposure of that device, including its compliance posture, how far it has drifted from baseline, and how accessible its management interfaces are. A device with a moderate CVSS vulnerability but poor access controls and multiple compliance failures will score higher than a device with the same CVE but a clean configuration.

Question 3

How often is the risk score recalculated?

Accepted Answer

The score is recalculated automatically whenever a new data point is received: a configuration backup, a new CVE feed update, or a compliance rule evaluation. In practice, scores update multiple times per day without any manual trigger. You always see the current risk posture, not a stale snapshot.

Question 4

Can I see how the risk score has evolved over time for a device?

Accepted Answer

Yes. Each device has a score history timeline that shows how its risk score has changed over time. You can correlate score changes with specific configuration events or CVE publications. This makes it straightforward to demonstrate to management or auditors that remediation actions have measurably reduced device risk.

Question 5

Can the risk score feed into our existing SIEM or ticketing system?

Accepted Answer

Yes. ConnectMyAssets can export risk score changes via webhook or syslog, allowing your SIEM or ITSM platform to ingest score updates and create tickets automatically. The integration is configured from the appliance administration interface and does not require any code changes on your side.

Question 6

Is the scoring methodology transparent and auditable?

Accepted Answer

Yes. For every device score, ConnectMyAssets shows a full breakdown of the contributing signals and their weights. An auditor or security manager can drill down to see exactly why a device has a given score, which CVEs are contributing, which compliance controls are failing, and how much each factor weighs in the final result.

Risk Scoring

Risk Quantified Across Every Signal

Composite Scoring

CVE Integration

Compliance Weight

Drift Detection

Trend Analysis

Remediation Priority

How It Works

Collect Data

Compute Score

Act on Priorities

What Goes Into the Score

Frequently Asked Questions

See Your Highest-Risk Devices Today