Relative Risk Rating (R3)

Intelligent, actionable scoring based upon the NIST Cybersecurity Framework to keep your network safe and secure in real time.

Learn More About Exposure Management
 

What is UncommonX Relative Risk Rating (R3)?

Real-time risk rating is based upon an R3 score, which is generated by our platform. It is informed by the NIST Cybersecurity Framework (CSF), for which our founder was a contributing author. Today it’s considered the standard and best practice for assessing risk.

Our platform automatically identifies and categorizes control coverages by the key foundational elements of the CSF—Identify, Protect, Detect, and Respond. It then scores every system asset on a customer’s network.

The R3 score is analyzed alongside business context from our discovery and visibility tools, customer insights, and built-in threat intelligence, helping clients identify critical risks and prioritize resources effectively.
laptop-fills-relative-risk-550x349
 

NIST Cybersecurity Framework (CSF) – quick facts


Cybersecurity Enhancement Act of 2014 (CEA)

This act gave NIST the official responsibility of identifying & developing cybersecurity risk frameworks for voluntary use.

Commonly referred to as the NIST Cybersecurity Framework (NIST CSF)

The title of the actual document is “Framework for Improving Critical Infrastructure Cybersecurity” (view the PDF version of this framework if you want some light reading). The ultimate goal is to help organizations reduce & better manage cybersecurity risk.

Framework core

The core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.
identity-drk-grn

Identify

Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

lock--dkgrn-1

Protect

Develop and implement appropriate safeguards to ensure delivery of critical service.

threat-hunting-thc-drk-grn

Detect

Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

arrow-redo-dkgrn

Respond

Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Scoring benefits

R3s are an increasingly essential real-time business scoring tool, supporting critical decisions from IT, security, and compliance leaders, including:
 

Hyperconverged security


Measure every risk based on the CSF and view it through a single pane of glass, enabling a focused and effective security approach.

security-priority-dkgrn-1

 

case-studies-drk-grn-icon-200x200

 

 

Compliance management and reporting


Use built-in Security Framework tools to assess and report on compliance with CSF 800-171, CMMC, HIPAA, FINRA, SOC II, and other industry regulations, ensuring organizational compliance.

 

Continuous improvement


Create an integrated program using our platform's versioning and analysis tools. Incorporate additional variables, such as Vulnerability Management data, to drive continuous improvement.

3-star-rated-drk-grn-400x400

 

R3 functionality

Our R3 scoring is a core feature of the platform's analytics, providing valuable insights into your security posture. Additionally, the platform offers a comprehensive suite of tools to enhance understanding, streamline reporting, and drive continuous security improvements for any organization.

Security framework based on NIST CSF

Heat map highlights key metrics, with color-coded areas indicating priority attention, based on NIST CSF. Versions are created and managed within the application for ongoing tracking.
R3-screens-in-laptops-with-circle-callouts-1F

Direct visualization of scores across standard categories, with goals set for regular updates and progress tracking. Subcategory details and user assessments are captured within the platform.
R3-screens-in-laptops-with-circle-callouts-2F

The system captures compliance data along with date, timestamp, user details, and other critical information.
R3-screens-in-laptops-with-circle-callouts-3F

What’s your score? Learn more.


UncommonX R3 scoring is a core feature of our patented Exposure Management platform—the only one that provides complete visibility, revealing your entire network and its relative risk in real time. It’s the fastest and easiest way to see everything, secure it, and save money. Do you have complete visibility?

Learn More About Exposure Management