How Mondoo Evaluates Risk
When Mondoo scans an asset, it calculates a percentage score to assess the risk the assets presents to your business.
Mondoo scoring is based on policies that match the type of asset scanned. For example, there are policies for Windows, Linux, Kubernetes clusters, and so on. You choose which policies are enabled in a space. If an asset matches multiple policies enabled in a space, Mondoo combines all matching policies to evaluate the asset's risk.
Mondoo scores policies from 0 (critical risk) to 100 (no risk) based on percentage scores:
| From... | To... | Risk score | Description |
|---|---|---|---|
| 0 | 10 | CRITICAL | Presents extreme risk to your organization |
| 11 | 30 | HIGH | Presents significant risk to your organization |
| 31 | 60 | MEDIUM | Presents moderate risk to your organization |
| 61 | 99 | LOW | Presents little risk to your organization |
| 100 | 100 | NONE | Presents no risk to your organization |
To learn more about scoring, read Change a Policy's Scoring System.