SecurityScorecard, the global leader in cybersecurity ratings, has been added to the catalog of Free Cybersecurity Services and Tools, established by the Cybersecurity and Infrastructure Security Agency (CISA) to enhance the cyber resilience of vulnerable and under-resourced critical infrastructure sectors. SecurityScorecard’s security ratings provide an objective, data-driven view of an organization’s cybersecurity risk exposure and cybersecurity hygiene, which are quantified and scored in an easy-to-understand A-F (0-100) rating scale.
The CISA Cybersecurity Services and Tools catalog, established in February 2022, is a compilation of free tools available from government organizations and private companies, to help organizations decrease the probability of a harmful cyber incident either through rapid detection of malicious activities or by amplifying resilience through incident response.
“SecurityScorecard pioneered assessments that use metrics and readings to provide organizations with a complete picture of cyber risk exposure,” said Sachin Bansal, Chief Business and Legal Officer of SecurityScorecard. “As threat actors proliferate and the world grows increasingly more risk-averse, our security ratings and data provide the valuable insights needed to maintain a more resilient posture. We are pleased to work with CISA to expand access to this much-needed resource.”
According to the CISA website, it “applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included. CISA does not attest to the suitability or effectiveness of these services and tools for any particular use case. CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.”
SecurityScorecard currently rates more than 12 million entities globally and uses non-intrusive proprietary methods to continuously monitor across 10 risk categories (e.g., network security, patching cadence, endpoint security, etc.) to instantly deliver an easy-to-understand ‘A’ through ‘F’ rating. On a daily basis, these ratings are updated based on objective, publicly available data that, similar to credit ratings, provides an ‘outside-in’ view of an entity’s security posture.