RCTS CERT Rating is the characterization in six categories (“A” to “F”) of how RCTS CERT externally analyzes the security of RCTS entities’ infrastructures.
This Rating is not public, and is only communicated to the institution itself included in its Monthly Security Report.
RCTS CERT Rating is determined using a number of parameters including:
- The number of computer security incidents reported and the time (in days) which they remain unsolved;
- The number of vulnerabilities;
- The number of malware events (connections to botnets, etc);
- The number of copyright infringements reported;
- The main domain configuration used by the organisation;
- Domain protection in terms of sending messages (SPF and DMARC records);
- The formalization of a local CSIRT (Computer Security Incident Response Team).
Since the various institutions have different sizes in terms of infrastructure, some of the parameters are indexed to the use of different IPv4 addresses (observed in real traffic metadata).
If you have any questions about your institution’s RCTS CERT Rating, please contact RCTS CERT (firstname.lastname@example.org).