The RCTS CERT Rating characterizes, in six categories (“A” to “F”), how RCTS CERT externally analyzes the cybersecurity of RCTS entities’ infrastructures.
![A to F Scale](https://www.cert.rcts.pt/wp-content/uploads/2020/07/escala-eng.png)
This Rating is not public; it is communicated only to the institution itself, as part of its Monthly Security Report.
The RCTS CERT Rating is determined using a number of parameters, including:
- The number of computer security incidents reported and the time (in days) for which they remain unsolved;
- The number of vulnerabilities;
- The number of malware events (connections to botnets, etc.);
- The number of copyright infringements reported;
- Detected defacements;
- Detections on RCTS datacenters’ intrusion detection systems;
- IP addresses listed on blocklists;
- The configuration of the main DNS domain used by the organisation (DNSSEC and inhibiting zone transfers);
- Domain protection for message sending (SPF, DKIM and DMARC records);
- Main webserver configurations (Headers, Server Signature and SSL Certificate);
- The formalization of a local CSIRT (Computer Security Incident Response Team).
Parameters have a global weight between 5% and 15%. Values for each parameter are detailed in the monthly reports. More details about each parameter are in this document.
The ranges that define each category are as follows:
![A to F Scale](https://www.cert.rcts.pt/wp-content/uploads/2022/09/legenda_1.png)
If you have any questions about your institution’s RCTS CERT Rating, please contact RCTS CERT (info@cert.rcts.pt).