DAY2™ Security Bot - Severity definition
Created by: Team MontyCloud
Modified on: Fri, 22 Jan, 2021 at 12:42 PM
The severity of a control is determined based on an assessment of the following criteria:
- How difficult is it for a threat actor to take advantage of the configuration weakness associated with the control?
- How likely is it that the weakness will lead to a compromise of your AWS accounts or resources?
Severity mapping to the difficulty to exploit and the likelihood of compromise
Compromise highly likely
Compromise highly unlikely
Very easy to exploit
Somewhat easy to exploit
Somewhat difficult to exploit
Very difficult to exploit
The severity does not take into account the criticality of the underlying resource. you should consider the criticality of the resource
|Critical||The issue should be remediated immediately to avoid it escalating|
|High||The issue must be addressed as a near-term priority.|
|Medium||The issue should be addressed as a mid-term priority.|
|Low ||The issue does not require action on its own.|
|Informational ||No recommended action. Informational findings help customers to demonstrate that they are in a compliant state.|
Did you find it helpful?
Sorry we couldn't be helpful. Help us improve this article with your feedback.