CVE Details
Skyhigh Security allows you to search by Common Vulnerabilities and Exposures (CVE) numbers of publicly known cybersecurity vulnerabilities.
The Registry API provides information about Responses with CVE Details and Responses without CVE Details.
Response with CVE Details
{
"requeststatus": "success",
"responsecode": "Reg-200",
"message": "",
"services": [
{
"serviceid": 4413,
"servicename": "OpenShift - Container Platform",
"description": "OpenShift Container Platform is a cloud based service. It help to improve developer agility and productivity, increase infrastructure and operational efficiency, and accelerate application delivery in on premise, private cloud, and hybrid cloud environments, and standardize and streamline developer workflows, IT organizations can provision quickly, build efficiently.",
"category": "Development",
"subcategory": "Content Management System",
"webaddress": "https://www.openshift.com/container-...orm/index.html",
"overallriskscore": 3,
"grouprisk": [
{
"riskGroupName": "Cyber risk",
"groupScore": 1
},
{
"riskGroupName": "Business risk",
"groupScore": 3
},
{
"riskGroupName": "Data risk",
"groupScore": 4
},
{
"riskGroupName": "Service risk",
"groupScore": 1
},
{
"riskGroupName": "User / Device risk",
"groupScore": 3
},
{
"riskGroupName": "Legal risk",
"groupScore": 2
}
],
"attributes": [
{
"name": "Datasharingsupport",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Datasharingcapacity",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "NA"
},
{
"name": "Dataencryptionsupportedinrest",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Dataencryptionsupportedintransit",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "TLS 1.2"
},
{
"name": "Servicetenancysupported",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Datamingling",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Autosyncdata",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Serviceanonymoususe",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Multifactorauthentication",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Identityfederationmethod",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Others"
},
{
"name": "Enterpriseidentity",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Pentesting",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Routine"
},
{
"name": "Serviceipfilteringsupported",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Malwaresiteuse",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Datalocation",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Providerrisk",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "SAS 70,Privacy Shield"
},
{
"name": "Infrastructurestatusreporting",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Businesshq",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "USA"
},
{
"name": "Adminactivitylogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Useractivitylogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Dataaccesslogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Servicebusinesstype",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Enterprise"
},
{
"name": "Servicenotinitarlist",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Indemnity",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Customer indemnifies SP until violation of terms of use and/or IP infringement"
},
{
"name": "Jurisdictionallocation",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "US"
},
{
"name": "Disputeresolution",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Exclusively in SP state/county only"
},
{
"name": "Accounttermination",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Both Customer and SP can terminate"
},
{
"name": "Securityvulnerabilityperiod",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Ipownership",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Customer Owns"
},
{
"name": "Dataretentionontermication",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Datacontenttypes",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "NA"
},
{
"name": "Accesscontrols",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Dlpintegration",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Encryptionstrength",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Devicepinning",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Statueoflimitations",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "None specified in ToU"
},
{
"name": "Privacypolicy",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws"
},
{
"name": "Copyrightcontrols",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "DMCA"
},
{
"name": "Serviceinustrlist",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Cvevulnerability",
"riskgroup": "Service risk",
"additionalInfo": [
{
"propKey": "CVE-2012-5622",
"propValue": "http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5622"
},
{
"propKey": "CVE-2012-5647",
"propValue": "http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5647"
}
],
"attributeValue": "Yes"
},
{
"name": "Darknetsourceleak",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "SslcertExpiryage",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Less than 6 months"
},
{
"name": "SslcertSignaturealgorithm",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "SHA256 With RSA Encryption"
},
{
"name": "SslcertKeysize",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "2048 bits"
},
{
"name": "Wafprotection",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Gdprrisk",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "GDPR Risk Medium"
},
{
"name": "Vulnerabletopoodle",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Vulnerabletoheartbleed",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Vulnerabletofreak",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Wafdetectionmode",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Blocking"
}
]
}
],
"riskattributesmetadata": [
{
"name": "Datasharingsupport",
"displayname": "File Sharing Support",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Datasharingcapacity",
"displayname": "Limits on Data Uploads and Sharing",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "Unlimited",
"3": "5GB to 10GB",
"2": "1GB to 5GB",
"1": "1GB"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "40",
"4": "80",
"-2000": "10",
"-1000": "30"
}
},
{
"name": "Dataencryptionsupportedinrest",
"displayname": "Data Encryption at Rest",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-2000": "10",
"-1000": "30"
}
},
{
"name": "Dataencryptionsupportedintransit",
"displayname": "Data Encryption in Transit",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "V3 Enabled",
"2": "V2 Enabled",
"3": "Both V3 and V2 Enabled",
"4": "TLS 1.0",
"5": "TLS 1.1",
"6": "TLS 1.2",
"7": "TLS 1.3"
},
"scorelist": {
"0": "70",
"1": "30",
"2": "50",
"3": "40",
"4": "50",
"5": "50",
"6": "20",
"7": "10",
"-1000": "60"
}
},
{
"name": "Servicetenancysupported",
"displayname": "Support for Multi-Tenancy",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "70",
"1": "10",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Datamingling",
"displayname": "Encryption with Tenant Managed Keys (Data Mingling)",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "Multi-Tenant without Encryption",
"3": "Single tenant and completely isolated data sets",
"2": "Multi-tenant with data encrypted per tenant using tenant keys or tenant owned tokenization",
"1": "Multi-tenant with data encrypted per tenant using SP keys"
},
"scorelist": {
"1": "30",
"2": "10",
"3": "40",
"4": "70",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Autosyncdata",
"displayname": "Auto Sync of Data on User Devices",
"riskgroup": "Data risk",
"valuelist": {
"-2000": "NA",
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "60",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Serviceanonymoususe",
"displayname": "Service Allows Anonymous Use",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Multifactorauthentication",
"displayname": "Multi-factor Authentication",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-1000": "50"
}
},
{
"name": "Identityfederationmethod",
"displayname": "Identity Federation Method",
"riskgroup": "User / Device risk",
"valuelist": {
"1": "None",
"2": "SAML",
"4": "OAUTH",
"8": "Others",
"16": "SAML & OAUTH",
"32": "Unknown"
},
"scorelist": {
"1": "80",
"2": "10",
"4": "30",
"16": "10",
"8": "50",
"32": "60"
}
},
{
"name": "Enterpriseidentity",
"displayname": "Enterprise Identity (Integration With Directory Services)",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-1000": "50"
}
},
{
"name": "Pentesting",
"displayname": "Penetration Testing for Service",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"5": "None",
"4": "Clean reputable recent",
"3": "Reputable recent with issue",
"2": "Recent",
"1": "Routine"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "40",
"4": "10",
"5": "80",
"-1000": "70"
}
},
{
"name": "Serviceipfilteringsupported",
"displayname": "IP Filtering Support",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Malwaresiteuse",
"displayname": "Known Malicious Misuse of Service",
"riskgroup": "Service risk",
"valuelist": {
"5": "Less than 1 month",
"4": "1 to 3 months",
"3": "3 months to 1 Year",
"2": "Greater than 1 Year",
"1": "Not publicly known"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "50",
"4": "70",
"5": "80"
}
},
{
"name": "Datalocation",
"displayname": "Service Hosting Locations",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"3": "Hosted in a questionable countries",
"2": "Hosted in EU",
"1": "Hosted in US",
"5": "Hosted in EU approved countries",
"7": "Hosted in APAC",
"6": "Others"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "70",
"5": "20",
"6": "40",
"7": "30",
"-1000": "40"
}
},
{
"name": "Providerrisk",
"displayname": "Compliance Certifications",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"9": "None",
"8": "HIPAA",
"7": "PCI Compliance",
"6": "SOC2",
"5": "ISO 27001",
"4": "DCAA / SOC 3",
"3": "ITIL",
"2": "SAS 70",
"1": "Privacy Shield",
"0": "Trustee / BBB",
"10": "ISO 27018",
"11": "FISMA",
"12": "FedRAMP",
"13": "CSA Star",
"14": "HITRUST",
"15": "ISO 27017",
"16": "SSAE16",
"17": "ISAE 3402",
"18": "Cyber Essentials",
"19": "Cyber Essentials Plus"
},
"scorelist": {
"11": "10",
"12": "10",
"13": "20",
"14": "10",
"15": "10",
"16": "10",
"17": "10",
"18": "10",
"19": "10",
"0": "30",
"1": "10",
"2": "10",
"3": "20",
"4": "10",
"5": "10",
"6": "10",
"7": "20",
"8": "20",
"9": "90",
"-1000": "70",
"10": "10"
}
},
{
"name": "Infrastructurestatusreporting",
"displayname": "Infrastructure Status Reporting",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Businesshq",
"displayname": "Business HQ",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"3": "Others",
"2": "Privacy Friendly Countries",
"1": "USA"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "60",
"-1000": "30"
}
},
{
"name": "Adminactivitylogging",
"displayname": "Support for Admin Audit Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Useractivitylogging",
"displayname": "Support for User Activity Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Dataaccesslogging",
"displayname": "Support for Data Access Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Servicebusinesstype",
"displayname": "Business Type",
"riskgroup": "Business risk",
"valuelist": {
"3": "Both Enterprise and Consumer",
"2": "Consumer",
"1": "Enterprise"
},
"scorelist": {
"1": "10",
"2": "80",
"3": "40"
}
},
{
"name": "Servicenotinitarlist",
"displayname": "Service in ITAR List",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "70",
"-1000": "50"
}
},
{
"name": "Indemnity",
"displayname": "Legal Indemnity",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"9": "Negotiated Terms",
"8": "SP indemnifies customer until violation of these Terms and IP infringement",
"7": "Customer indemnifies SP until violation of terms of use and/or IP infringement",
"6": "Blanket indemnity",
"5": "Mutual Indemnification",
"4": "Customer indemnifies SP until infringement by 3rd party",
"3": "SP indemnifies customer until infringement by 3rd party",
"2": "Customer indemnifies SP until violation of terms",
"1": "SP indemnifies customer until violation of terms of use"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "10",
"4": "10",
"5": "30",
"6": "30",
"7": "20",
"-3000": "50",
"8": "20",
"9": "20",
"-1000": "50"
}
},
{
"name": "Jurisdictionallocation",
"displayname": "Jurisdictional Location",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"7": "Negotiated Terms",
"6": "Depends on Customer location",
"5": "Others",
"3": "APAC",
"2": "Europe",
"1": "US"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "30",
"5": "50",
"6": "30",
"7": "20",
"-3000": "80",
"-1000": "80"
}
},
{
"name": "Disputeresolution",
"displayname": "Dispute Resolution",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"4": "Negotiated Terms",
"3": "At customer location",
"2": "Exclusively in SP state/county only",
"1": "Arbitration"
},
"scorelist": {
"1": "30",
"2": "40",
"3": "10",
"4": "20",
"-3000": "60",
"-1000": "60"
}
},
{
"name": "Accounttermination",
"displayname": "Account Termination Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"7": "Negotiated Terms",
"6": "Both Customer and SP can terminate",
"5": "Customer Choice and/or On Infringement of TOU/Non-Payment",
"4": "Customer choice only",
"3": "On infringement of contract terms",
"2": "SP but with/without notice period",
"1": "Sole discretion of SP"
},
"scorelist": {
"1": "80",
"2": "60",
"3": "30",
"4": "10",
"5": "10",
"6": "10",
"7": "20",
"-3000": "40",
"-1000": "40"
}
},
{
"name": "Securityvulnerabilityperiod",
"displayname": "Breach Identified for Service",
"riskgroup": "Service risk",
"valuelist": {
"5": "Less than 1 month",
"4": "1 to 3 months",
"3": "3 months to 1 Year",
"2": "Greater than 1 Year",
"1": "Not publicly known"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "50",
"4": "70",
"5": "80"
}
},
{
"name": "Ipownership",
"displayname": "IP Ownership Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"2": "SP Owns",
"1": "Customer Owns"
},
"scorelist": {
"1": "10",
"2": "70",
"-3000": "30",
"-1000": "30"
}
},
{
"name": "Dataretentionontermication",
"displayname": "Data Retention Policy Upon Account Termination",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"8": "Data Retained",
"7": "Greater than 1 year",
"6": "6 months to 1 year",
"5": "3 to 6 months",
"4": "1 to 3 months",
"3": "15 to 30 days",
"2": "Less than 15 days",
"1": "Data Purged Immediately"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "20",
"4": "30",
"5": "40",
"6": "50",
"7": "60",
"8": "70",
"-2000": "10",
"-1000": "60"
}
},
{
"name": "Datacontenttypes",
"displayname": "Predominant Content Type",
"riskgroup": "Data risk",
"valuelist": {
"-2000": "NA",
"5": "Source Code",
"4": "Video",
"3": "Music",
"2": "Photos",
"1": "Files"
},
"scorelist": {
"1": "70",
"2": "20",
"3": "20",
"4": "20",
"5": "70",
"-2000": "10"
}
},
{
"name": "Accesscontrols",
"displayname": "Provides Granular Access Controls",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-2000": "10",
"-1000": "40"
}
},
{
"name": "Dlpintegration",
"displayname": "Integrated Data Loss Prevention Capability",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Encryptionstrength",
"displayname": "Encryption Strength at Rest",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "None",
"3": "> 256 bit",
"2": "256 bit",
"1": "128 bit"
},
"scorelist": {
"1": "30",
"2": "20",
"3": "10",
"4": "50",
"-2000": "40",
"-1000": "60"
}
},
{
"name": "Devicepinning",
"displayname": "Support for Device Pinning",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Statueoflimitations",
"displayname": "Statute of Limitations",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"4": "Negotiated Terms",
"3": "Multiple Years",
"2": "1 Year",
"1": "None specified in ToU"
},
"scorelist": {
"1": "70",
"2": "20",
"3": "10",
"4": "20",
"-3000": "60",
"-1000": "50"
}
},
{
"name": "Privacypolicy",
"displayname": "Privacy Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"8": "Negotiated Terms",
"7": "Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws",
"6": "Collects and shares with 3rd party on customer's consent",
"5": "Collects and shares with 3rd party and on subpoena or applicable laws",
"4": "Shares only on subpoena or applicable laws",
"3": "Does not collect PII",
"2": "Collects data and does not share with 3rd party",
"1": "Collects and shares with 3rd party"
},
"scorelist": {
"1": "90",
"2": "20",
"3": "10",
"4": "30",
"5": "50",
"6": "50",
"7": "40",
"-3000": "40",
"8": "30",
"-1000": "70"
}
},
{
"name": "Copyrightcontrols",
"displayname": "Service Adherence to Copyright Controls",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"2": "Others",
"1": "DMCA"
},
"scorelist": {
"1": "20",
"2": "40",
"-3000": "70",
"-1000": "60"
}
},
{
"name": "Serviceinustrlist",
"displayname": "Service in USTR List",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "70",
"-1000": "50"
}
},
{
"name": "Cvevulnerability",
"displayname": "Published CVE Vulnerability",
"riskgroup": "Service risk",
"valuelist": {
"1": "Yes",
"2": "Possible",
"0": "No"
},
"scorelist": {
"0": "10",
"1": "80",
"2": "30"
}
},
{
"name": "Darknetsourceleak",
"displayname": "Source of Leak for Darknet",
"riskgroup": "Service risk",
"valuelist": {
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80"
}
},
{
"name": "SslcertExpiryage",
"displayname": "Expiry of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "Certificate Expired",
"2": "Less than 6 months",
"3": "6 months to 1 year",
"4": "1 year to 4 years",
"5": "Greater than 4 Years"
},
"scorelist": {
"1": "80",
"2": "30",
"3": "10",
"4": "50",
"5": "70",
"-2000": "40",
"-1000": "50"
}
},
{
"name": "SslcertSignaturealgorithm",
"displayname": "Signature Algorithm of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "MD5 With RSA Encryption",
"2": "SHA1 With RSA Encryption",
"3": "SHA256 With RSA Encryption",
"4": "SHA512 With RSA Encryption",
"5": "Others"
},
"scorelist": {
"1": "80",
"2": "60",
"3": "30",
"4": "10",
"5": "60",
"-2000": "40",
"-1000": "50"
}
},
{
"name": "SslcertKeysize",
"displayname": "Key Size of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "<= 256 bits",
"2": "1024 bits",
"3": "2048 bits",
"4": ">= 4096 bits"
},
"scorelist": {
"1": "80",
"2": "40",
"3": "20",
"4": "10",
"-2000": "60",
"-1000": "50"
}
},
{
"name": "Wafprotection",
"displayname": "Application Security Vulnerability Protection",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "70",
"1": "10",
"-1000": "40"
}
},
{
"name": "Gdprrisk",
"displayname": "EU GDPR",
"riskgroup": "Business risk",
"valuelist": {
"1": "GDPR Risk Low",
"2": "GDPR Risk Medium",
"3": "GDPR Risk High"
},
"scorelist": {
"1": "10",
"2": "40",
"3": "70"
}
},
{
"name": "Vulnerabletopoodle",
"displayname": "Vulnerable to Poodle",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Vulnerabletoheartbleed",
"displayname": "Vulnerable to Heartbleed",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Vulnerabletofreak",
"displayname": "Vulnerable to Freak",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Wafdetectionmode",
"displayname": "WAF Detection Mode",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "Blocking",
"1": "Monitoring",
"2": "Patching"
},
"scorelist": {
"0": "10",
"1": "20",
"2": "10",
"-1000": "80"
}
}
]
}
Response without CVE Details
{
"requeststatus": "success",
"responsecode": "Reg-200",
"message": "",
"services": [
{
"serviceid": 2048,
"servicename": "Amazon S3",
"description": "Amazon Simple Storage Service (Amazon S3) is an online storage service for developers. It includes: a data management console, data uploading and downloading, data storage, a unique retrieval key, encryption at-rest, and a service level agreement (SLA).",
"category": "Cloud Storage",
"subcategory": "Data Storage",
"webaddress": "https://aws.amazon.com/s3/",
"overallriskscore": 3,
"grouprisk": [
{
"riskGroupName": "Legal risk",
"groupScore": 2
},
{
"riskGroupName": "Business risk",
"groupScore": 2
},
{
"riskGroupName": "Cyber risk",
"groupScore": 1
},
{
"riskGroupName": "Data risk",
"groupScore": 4
},
{
"riskGroupName": "User / Device risk",
"groupScore": 2
},
{
"riskGroupName": "Service risk",
"groupScore": 1
}
],
"attributes": [
{
"name": "Datasharingsupport",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Datasharingcapacity",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "1GB to 5GB"
},
{
"name": "Dataencryptionsupportedinrest",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Dataencryptionsupportedintransit",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "TLS 1.2,TLS 1.1,TLS 1.0"
},
{
"name": "Servicetenancysupported",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Datamingling",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Multi-tenant with data encrypted per tenant using tenant keys or tenant owned tokenization"
},
{
"name": "Autosyncdata",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Serviceanonymoususe",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Multifactorauthentication",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Identityfederationmethod",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "SAML & OAUTH"
},
{
"name": "Enterpriseidentity",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Pentesting",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Routine"
},
{
"name": "Serviceipfilteringsupported",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Malwaresiteuse",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Greater than 1 Year"
},
{
"name": "Datalocation",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Hosted in US,Hosted in EU,Hosted in a questionable countries,Hosted in EU approved countries,Hosted in APAC"
},
{
"name": "Providerrisk",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "FedRAMP,DCAA / SOC 3,Trustee / BBB,CSA Star,SAS 70,SOC2,ISO 27017,ISO 27018,PCI Compliance,HIPAA,ISO 27001,FISMA,Privacy Shield"
},
{
"name": "Infrastructurestatusreporting",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Businesshq",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "USA"
},
{
"name": "Adminactivitylogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Useractivitylogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Dataaccesslogging",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Not publicly known"
},
{
"name": "Servicebusinesstype",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "Enterprise"
},
{
"name": "Servicenotinitarlist",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Indemnity",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Customer indemnifies SP until violation of terms of use and/or IP infringement"
},
{
"name": "Jurisdictionallocation",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "US"
},
{
"name": "Disputeresolution",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Arbitration"
},
{
"name": "Accounttermination",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Both Customer and SP can terminate"
},
{
"name": "Securityvulnerabilityperiod",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Greater than 1 Year"
},
{
"name": "Ipownership",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Customer Owns"
},
{
"name": "Dataretentionontermication",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Data Purged Immediately"
},
{
"name": "Datacontenttypes",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Files"
},
{
"name": "Accesscontrols",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Dlpintegration",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Encryptionstrength",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "256 bit"
},
{
"name": "Devicepinning",
"riskgroup": "User / Device risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Statueoflimitations",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "None specified in ToU"
},
{
"name": "Privacypolicy",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws"
},
{
"name": "Copyrightcontrols",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "Others"
},
{
"name": "Serviceinustrlist",
"riskgroup": "Legal risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Cvevulnerability",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "SslcertExpiryage",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "Less than 6 months"
},
{
"name": "SslcertSignaturealgorithm",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "SHA256 With RSA Encryption"
},
{
"name": "SslcertKeysize",
"riskgroup": "Data risk",
"additionalInfo": null,
"attributeValue": "2048 bits"
},
{
"name": "Wafprotection",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Yes"
},
{
"name": "Gdprrisk",
"riskgroup": "Business risk",
"additionalInfo": null,
"attributeValue": "GDPR Risk Low"
},
{
"name": "Vulnerabletopoodle",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Vulnerabletoheartbleed",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Vulnerabletofreak",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
},
{
"name": "Wafdetectionmode",
"riskgroup": "Service risk",
"additionalInfo": null,
"attributeValue": "Blocking"
},
{
"name": "Vulnerabletodrown",
"riskgroup": "Cyber risk",
"additionalInfo": null,
"attributeValue": "No"
}
]
}
],
"riskattributesmetadata": [
{
"name": "Datasharingsupport",
"displayname": "File Sharing Support",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Datasharingcapacity",
"displayname": "Limits on Data Uploads and Sharing",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "Unlimited",
"3": "5GB to 10GB",
"2": "1GB to 5GB",
"1": "1GB"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "40",
"4": "80",
"-2000": "10",
"-1000": "30"
}
},
{
"name": "Dataencryptionsupportedinrest",
"displayname": "Data Encryption at Rest",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-2000": "10",
"-1000": "30"
}
},
{
"name": "Dataencryptionsupportedintransit",
"displayname": "Data Encryption in Transit",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "V3 Enabled",
"2": "V2 Enabled",
"3": "Both V3 and V2 Enabled",
"4": "TLS 1.0",
"5": "TLS 1.1",
"6": "TLS 1.2",
"7": "TLS 1.3"
},
"scorelist": {
"0": "70",
"1": "30",
"2": "50",
"3": "40",
"4": "50",
"5": "50",
"6": "20",
"7": "10",
"-1000": "60"
}
},
{
"name": "Servicetenancysupported",
"displayname": "Support for Multi-Tenancy",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "70",
"1": "10",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Datamingling",
"displayname": "Encryption with Tenant Managed Keys (Data Mingling)",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "Multi-Tenant without Encryption",
"3": "Single tenant and completely isolated data sets",
"2": "Multi-tenant with data encrypted per tenant using tenant keys or tenant owned tokenization",
"1": "Multi-tenant with data encrypted per tenant using SP keys"
},
"scorelist": {
"1": "30",
"2": "10",
"3": "40",
"4": "70",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Autosyncdata",
"displayname": "Auto Sync of Data on User Devices",
"riskgroup": "Data risk",
"valuelist": {
"-2000": "NA",
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "60",
"-2000": "10",
"-1000": "50"
}
},
{
"name": "Serviceanonymoususe",
"displayname": "Service Allows Anonymous Use",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Multifactorauthentication",
"displayname": "Multi-factor Authentication",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-1000": "50"
}
},
{
"name": "Identityfederationmethod",
"displayname": "Identity Federation Method",
"riskgroup": "User / Device risk",
"valuelist": {
"1": "None",
"2": "SAML",
"4": "OAUTH",
"8": "Others",
"16": "SAML & OAUTH",
"32": "Unknown"
},
"scorelist": {
"1": "80",
"2": "10",
"4": "30",
"16": "10",
"8": "50",
"32": "60"
}
},
{
"name": "Enterpriseidentity",
"displayname": "Enterprise Identity (Integration With Directory Services)",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "80",
"1": "10",
"-1000": "50"
}
},
{
"name": "Pentesting",
"displayname": "Penetration Testing for Service",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"5": "None",
"4": "Clean reputable recent",
"3": "Reputable recent with issue",
"2": "Recent",
"1": "Routine"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "40",
"4": "10",
"5": "80",
"-1000": "70"
}
},
{
"name": "Serviceipfilteringsupported",
"displayname": "IP Filtering Support",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Malwaresiteuse",
"displayname": "Known Malicious Misuse of Service",
"riskgroup": "Service risk",
"valuelist": {
"5": "Less than 1 month",
"4": "1 to 3 months",
"3": "3 months to 1 Year",
"2": "Greater than 1 Year",
"1": "Not publicly known"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "50",
"4": "70",
"5": "80"
}
},
{
"name": "Datalocation",
"displayname": "Service Hosting Locations",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"3": "Hosted in a questionable countries",
"2": "Hosted in EU",
"1": "Hosted in US",
"5": "Hosted in EU approved countries",
"7": "Hosted in APAC",
"6": "Others"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "70",
"5": "20",
"6": "40",
"7": "30",
"-1000": "40"
}
},
{
"name": "Providerrisk",
"displayname": "Compliance Certifications",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"9": "None",
"8": "HIPAA",
"7": "PCI Compliance",
"6": "SOC2",
"5": "ISO 27001",
"4": "DCAA / SOC 3",
"3": "ITIL",
"2": "SAS 70",
"1": "Privacy Shield",
"0": "Trustee / BBB",
"10": "ISO 27018",
"11": "FISMA",
"12": "FedRAMP",
"13": "CSA Star",
"14": "HITRUST",
"15": "ISO 27017",
"16": "SSAE16",
"17": "ISAE 3402",
"18": "Cyber Essentials",
"19": "Cyber Essentials Plus"
},
"scorelist": {
"11": "10",
"12": "10",
"13": "20",
"14": "10",
"15": "10",
"16": "10",
"17": "10",
"18": "10",
"19": "10",
"0": "30",
"1": "10",
"2": "10",
"3": "20",
"4": "10",
"5": "10",
"6": "10",
"7": "20",
"8": "20",
"9": "90",
"-1000": "70",
"10": "10"
}
},
{
"name": "Infrastructurestatusreporting",
"displayname": "Infrastructure Status Reporting",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Businesshq",
"displayname": "Business HQ",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"3": "Others",
"2": "Privacy Friendly Countries",
"1": "USA"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "60",
"-1000": "30"
}
},
{
"name": "Adminactivitylogging",
"displayname": "Support for Admin Audit Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Useractivitylogging",
"displayname": "Support for User Activity Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Dataaccesslogging",
"displayname": "Support for Data Access Logging",
"riskgroup": "Business risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Servicebusinesstype",
"displayname": "Business Type",
"riskgroup": "Business risk",
"valuelist": {
"3": "Both Enterprise and Consumer",
"2": "Consumer",
"1": "Enterprise"
},
"scorelist": {
"1": "10",
"2": "80",
"3": "40"
}
},
{
"name": "Servicenotinitarlist",
"displayname": "Service in ITAR List",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "70",
"-1000": "50"
}
},
{
"name": "Indemnity",
"displayname": "Legal Indemnity",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"9": "Negotiated Terms",
"8": "SP indemnifies customer until violation of these Terms and IP infringement",
"7": "Customer indemnifies SP until violation of terms of use and/or IP infringement",
"6": "Blanket indemnity",
"5": "Mutual Indemnification",
"4": "Customer indemnifies SP until infringement by 3rd party",
"3": "SP indemnifies customer until infringement by 3rd party",
"2": "Customer indemnifies SP until violation of terms",
"1": "SP indemnifies customer until violation of terms of use"
},
"scorelist": {
"1": "20",
"2": "30",
"3": "10",
"4": "10",
"5": "30",
"6": "30",
"7": "20",
"-3000": "50",
"8": "20",
"9": "20",
"-1000": "50"
}
},
{
"name": "Jurisdictionallocation",
"displayname": "Jurisdictional Location",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"7": "Negotiated Terms",
"6": "Depends on Customer location",
"5": "Others",
"3": "APAC",
"2": "Europe",
"1": "US"
},
"scorelist": {
"1": "10",
"2": "10",
"3": "30",
"5": "50",
"6": "30",
"7": "20",
"-3000": "80",
"-1000": "80"
}
},
{
"name": "Disputeresolution",
"displayname": "Dispute Resolution",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"4": "Negotiated Terms",
"3": "At customer location",
"2": "Exclusively in SP state/county only",
"1": "Arbitration"
},
"scorelist": {
"1": "30",
"2": "40",
"3": "10",
"4": "20",
"-3000": "60",
"-1000": "60"
}
},
{
"name": "Accounttermination",
"displayname": "Account Termination Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"7": "Negotiated Terms",
"6": "Both Customer and SP can terminate",
"5": "Customer Choice and/or On Infringement of TOU/Non-Payment",
"4": "Customer choice only",
"3": "On infringement of contract terms",
"2": "SP but with/without notice period",
"1": "Sole discretion of SP"
},
"scorelist": {
"1": "80",
"2": "60",
"3": "30",
"4": "10",
"5": "10",
"6": "10",
"7": "20",
"-3000": "40",
"-1000": "40"
}
},
{
"name": "Securityvulnerabilityperiod",
"displayname": "Breach Identified for Service",
"riskgroup": "Service risk",
"valuelist": {
"5": "Less than 1 month",
"4": "1 to 3 months",
"3": "3 months to 1 Year",
"2": "Greater than 1 Year",
"1": "Not publicly known"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "50",
"4": "70",
"5": "80"
}
},
{
"name": "Ipownership",
"displayname": "IP Ownership Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"2": "SP Owns",
"1": "Customer Owns"
},
"scorelist": {
"1": "10",
"2": "70",
"-3000": "30",
"-1000": "30"
}
},
{
"name": "Dataretentionontermication",
"displayname": "Data Retention Policy Upon Account Termination",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"8": "Data Retained",
"7": "Greater than 1 year",
"6": "6 months to 1 year",
"5": "3 to 6 months",
"4": "1 to 3 months",
"3": "15 to 30 days",
"2": "Less than 15 days",
"1": "Data Purged Immediately"
},
"scorelist": {
"1": "10",
"2": "20",
"3": "20",
"4": "30",
"5": "40",
"6": "50",
"7": "60",
"8": "70",
"-2000": "10",
"-1000": "60"
}
},
{
"name": "Datacontenttypes",
"displayname": "Predominant Content Type",
"riskgroup": "Data risk",
"valuelist": {
"-2000": "NA",
"5": "Source Code",
"4": "Video",
"3": "Music",
"2": "Photos",
"1": "Files"
},
"scorelist": {
"1": "70",
"2": "20",
"3": "20",
"4": "20",
"5": "70",
"-2000": "10"
}
},
{
"name": "Accesscontrols",
"displayname": "Provides Granular Access Controls",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-2000": "10",
"-1000": "40"
}
},
{
"name": "Dlpintegration",
"displayname": "Integrated Data Loss Prevention Capability",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Encryptionstrength",
"displayname": "Encryption Strength at Rest",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"4": "None",
"3": "> 256 bit",
"2": "256 bit",
"1": "128 bit"
},
"scorelist": {
"1": "30",
"2": "20",
"3": "10",
"4": "50",
"-2000": "40",
"-1000": "60"
}
},
{
"name": "Devicepinning",
"displayname": "Support for Device Pinning",
"riskgroup": "User / Device risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "60",
"1": "10",
"-1000": "50"
}
},
{
"name": "Statueoflimitations",
"displayname": "Statute of Limitations",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"4": "Negotiated Terms",
"3": "Multiple Years",
"2": "1 Year",
"1": "None specified in ToU"
},
"scorelist": {
"1": "70",
"2": "20",
"3": "10",
"4": "20",
"-3000": "60",
"-1000": "50"
}
},
{
"name": "Privacypolicy",
"displayname": "Privacy Policy",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"8": "Negotiated Terms",
"7": "Collects and shares with 3rd party on customer's consent and on subpoena or applicable laws",
"6": "Collects and shares with 3rd party on customer's consent",
"5": "Collects and shares with 3rd party and on subpoena or applicable laws",
"4": "Shares only on subpoena or applicable laws",
"3": "Does not collect PII",
"2": "Collects data and does not share with 3rd party",
"1": "Collects and shares with 3rd party"
},
"scorelist": {
"1": "90",
"2": "20",
"3": "10",
"4": "30",
"5": "50",
"6": "50",
"7": "40",
"-3000": "40",
"8": "30",
"-1000": "70"
}
},
{
"name": "Copyrightcontrols",
"displayname": "Service Adherence to Copyright Controls",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"-3000": "Undefined",
"2": "Others",
"1": "DMCA"
},
"scorelist": {
"1": "20",
"2": "40",
"-3000": "70",
"-1000": "60"
}
},
{
"name": "Serviceinustrlist",
"displayname": "Service in USTR List",
"riskgroup": "Legal risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "70",
"-1000": "50"
}
},
{
"name": "Cvevulnerability",
"displayname": "Published CVE Vulnerability",
"riskgroup": "Service risk",
"valuelist": {
"1": "Yes",
"2": "Possible",
"0": "No"
},
"scorelist": {
"0": "10",
"1": "80",
"2": "30"
}
},
{
"name": "SslcertExpiryage",
"displayname": "Expiry of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "Certificate Expired",
"2": "Less than 6 months",
"3": "6 months to 1 year",
"4": "1 year to 4 years",
"5": "Greater than 4 Years"
},
"scorelist": {
"1": "80",
"2": "30",
"3": "10",
"4": "50",
"5": "70",
"-2000": "40",
"-1000": "50"
}
},
{
"name": "SslcertSignaturealgorithm",
"displayname": "Signature Algorithm of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "MD5 With RSA Encryption",
"2": "SHA1 With RSA Encryption",
"3": "SHA256 With RSA Encryption",
"4": "SHA512 With RSA Encryption",
"5": "Others"
},
"scorelist": {
"1": "80",
"2": "60",
"3": "30",
"4": "10",
"5": "60",
"-2000": "40",
"-1000": "50"
}
},
{
"name": "SslcertKeysize",
"displayname": "Key Size of SSL Certificate",
"riskgroup": "Data risk",
"valuelist": {
"-1000": "Not publicly known",
"-2000": "NA",
"1": "<= 256 bits",
"2": "1024 bits",
"3": "2048 bits",
"4": ">= 4096 bits"
},
"scorelist": {
"1": "80",
"2": "40",
"3": "20",
"4": "10",
"-2000": "60",
"-1000": "50"
}
},
{
"name": "Wafprotection",
"displayname": "Application Security Vulnerability Protection",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "70",
"1": "10",
"-1000": "40"
}
},
{
"name": "Gdprrisk",
"displayname": "EU GDPR",
"riskgroup": "Business risk",
"valuelist": {
"1": "GDPR Risk Low",
"2": "GDPR Risk Medium",
"3": "GDPR Risk High"
},
"scorelist": {
"1": "10",
"2": "40",
"3": "70"
}
},
{
"name": "Vulnerabletopoodle",
"displayname": "Vulnerable to Poodle",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Vulnerabletoheartbleed",
"displayname": "Vulnerable to Heartbleed",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Vulnerabletofreak",
"displayname": "Vulnerable to Freak",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
},
{
"name": "Wafdetectionmode",
"displayname": "WAF Detection Mode",
"riskgroup": "Service risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "Blocking",
"1": "Monitoring",
"2": "Patching"
},
"scorelist": {
"0": "10",
"1": "20",
"2": "10",
"-1000": "80"
}
},
{
"name": "Vulnerabletodrown",
"displayname": "Vulnerable to Drown",
"riskgroup": "Cyber risk",
"valuelist": {
"-1000": "Not publicly known",
"0": "No",
"1": "Yes"
},
"scorelist": {
"0": "10",
"1": "80",
"-1000": "50"
}
}
]
}