Compliance-based risk

Risk is not only CVEs and patches. Misconfigurations, identity gaps, and missing controls each map to the frameworks auditors hold you to. This page rolls security findings up into risk by framework, so you can see where you are most exposed against the standard you report on.

It is part of the Security Center rollup, alongside the patch, CVE, and configuration trackers. Start from the frameworks hub for the per-framework crosswalks.

Open risk by framework

Illustrative. For your own tenant the numbers come from a scan: each failed check is weighted by Severity and mapped to the controls it evidences, then summed per framework.

MCSB

72

CISA SCuBA

64

NIST 800-53

58

CIS

46

SOC 2

38

HIPAA

29

Critical exposure High Medium Lower

How risk rolls up into a framework score

Findings. Failed configuration checks, missing patches, exploited CVEs, and identity gaps, each with a Severity.

Mapping. Each finding maps to the controls it evidences across MCSB, SCuBA, SOC 2, CIS, HIPAA, and NIST 800-53.

Rollup. Severity-weighted failures are summed per framework, so a few Critical gaps outweigh many minor ones.

Remediation. Fixing one finding can lift several frameworks at once. Senserva proposes approve-before-apply fixes and re-scores.

Senserva customers see this scored for their own tenant, tied to live scan state, missing patches, and CVEs. Sign in to load yours, or scan free.