How Mondoo Evaluates Risk

When Mondoo scans an asset, it calculates a percentage score to assess the risk the asset presents to your business.

Mondoo scoring is based on policies that match the type of asset scanned. For example, there are policies for Windows, Linux, Kubernetes clusters, and so on. You choose which policies are enabled in a space. If an asset matches multiple policies enabled in a space, Mondoo combines all matching policies to evaluate the asset's risk.

Mondoo scores policies from 0 (critical risk) to 100 (no risk) based on percentage scores:

| From... | To... | Risk score | Description |
|---------|-------|------------|-------------|
| 0 | 10 | CRITICAL | Presents extreme risk to your organization |
| 11 | 30 | HIGH | Presents significant risk to your organization |
| 31 | 60 | MEDIUM | Presents moderate risk to your organization |
| 61 | 99 | LOW | Presents little risk to your organization |
| 100 | 100 | NONE | Presents no risk to your organization |

To learn more about scoring, read Change a Policy's Scoring System.