Relative Risk Rating (R3)

Generate Relative Risk Ratings (R3) across your entire environment based on the NIST Cyber Security Framework (CSF)

As the most widely adopted cybersecurity framework in the U.S., we consider the guidelines set forth by the NIST CSF as best practice. Our platform is built with this framework as the method to score assets and systems and quantify risk in a substantive and accurate manner.

Our platform enables customers to implement all key elements of the framework, use the built-in scoring to assess system risks, and guide their priorities and resource allocations to create a safer networked environment.

Our platform makes it easy for you to have all of these industry standard insights at your fingertips:

laptop-fills-relative-risk-800x507-1
risk-score-1023

View comprehensive dashboards

Users can access their R3 score, based on the NIST Cyber Security Framework, on the executive and R3 dashboards.

Analyze R3 rating trends

System automatically shows the trend lines of the components of the R3 ratings for selected networked environment.

Prioritize issues and actions

UncommonX platform provides insights on specific items impacting the R3 score, with top priorities to address.

NIST Cybersecurity Framework (CSF) – quick facts

Cybersecurity Enhancement Act of 2014 (CEA)
This act gave NIST the official responsibility of identifying & developing cybersecurity risk frameworks for voluntary use.

Commonly referred to as the NIST Cybersecurity Framework (NIST CSF)
The title of the actual document is “Framework for Improving Critical Infrastructure Cybersecurity” (you can find the PDF version at here if you want some light reading).

The ultimate goal is to help organizations reduce & better manage cybersecurity risk.

Framework core
The core is a set of desired cybersecurity activities and outcomes organized into Categories and aligned to Informative References.

web-security-drk-grn
Identify
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
web-security-drk-grn
Protect
Develop and implement appropriate safeguards to ensure delivery of critical service.
threat-hunting-thc-drk-grn
Detect
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
arrow-redo-dkgrn-thinner
Respond
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Simply by using UncommonX, an organization can fulfill coverage of the Identify, Protect, Detect and Respond functions of the NIST CSF. This creates a safer environment, reduces risk of cyberattack or breach, and provides critical information to setting priorities and focus.

Additionally, as the NIST CSF is often referenced in many Governance, Regulation, and Compliance (GRC) standards, the UncommonX platform provides real-time fact-based reporting for standards and audits related to HIPPA, FINRA, CMMC, and other related requirements.

laptop-fills-control-coverage