SecurityScorecard

CISA Adds SecurityScorecard to List of Free Cybersecurity Tools, Services

The Cybersecurity and Infrastructure Security Agency has added SecurityScorecard’s rating method to its catalog of free cybersecurity services and tools.

CISA’s catalog includes services provided by the agency, widely used open-source tools and free tools and services offered by the private and public sectors.

Categorized with a “basic” skill level on CISA’s website, SecurityScorecard’s ratings are intended to provide a data-driven view of an organization’s cybersecurity risk exposure and cybersecurity hygiene. Performance is scored using an A-through-F scale.

The rating system uses non-intrusive proprietary methods to score performance in network security, patching cadence, endpoint security and other areas, SecurityScorecard said Thursday.

Sachin Bansal, chief business and legal officer at SecurityScorecard, said that the company’s rating system provides a complete picture of an organization’s risk exposure.

“As threat actors proliferate and the world grows increasingly more risk-averse, our security ratings and data provide the valuable insights needed to maintain a more resilient posture,” Bansal added.

SecurityScorecard said it rates more than 12 million entities globally, providing an “outside-in” view of security postures based on publicly available data.

CISA launched its catalog of free cybersecurity services and tools in February to offer a one-stop shop for any organization.

According to the agency, the list is aligned with its previous advisory on reducing the likelihood of major incidents, detecting malicious activity, responding effectively to confirmed incidents and maximizing resilience.

CISA said that it uses neutral criteria to determine what should be added to the catalog and does not endorse any commercial product or service.