Skip to content
SecPod  – Documentation
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
Search this website
Menu Close
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO

Saner Platform

  • Saner Platform Release Notes
    • Saner Platform Integration Release: ServiceNow Integration Introduced, Freshservice Enhanced
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner Platform Guide
    • Prerequisites For Saner SaaS Platform Deployment
    • Saner Administration Guide
    • Saner Device Management User Guide
    • Saner Platform and ServiceNow Integration Guide
    • Saner Platform and Freshservice Integration Guide
    • Saner Platform Function Guides
  • FAQs
    • Saner CVEM Technical FAQs
  • How Tos
    • General
      • How to increase the subscription count for an Account in Saner CVEM
      • How to increment license count for an Organization in Saner CVEM
      • How to provision Saner tools for an Organization
      • How to change subscription type in Saner CVEM
      • How to sign-up with Saner CVEM?
      • How to create a new account in Saner CVEM?
      • How to create a new user in Saner CVEM?
      • How to enable SSO authentication policy in Saner CVEM?
      • How to set alerts in Saner?
      • How to view, download and filter the audit logs?
      • How to designate Saner Agent to perform network scan?
      • How to Co-Brand with your logo?
      • How to fetch the details of the mandatory fields from the Okta account?
      • How to create MFA policy for Okta?
      • How to fetch the details of the mandatory fields from the PingID account?
      • How to create MFA policy for PingID?
      • How to fetch the details of the mandatory fields from the PingOne account?
      • How to create MFA policy for PingOne?
      • How to download and install Saner Agent in Mac?
      • How to download and install Saner agent in Linux?
      • How to download and install the Saner agent in Windows?
      • How to update the expiry date of an existing subscription?
      • How to manage users and their preferences using role-based access?
      • How to uninstall Saner Agent using Saner Offline deployer tool.
      • How to onboard a new organization?
      • How to deploy Saner Agent using Saner Offline deployer tool.
      • How to install a Saner agent through the command line?
      • How to uninstall the Saner agent through command line?
    • Saner Reports
      • How to configure mail settings to email Report PDF?
      • How to create a custom report in Saner?
      • How to schedule for the report back up?
    • Saner Device Management
      • How to create custom groups in Saner CVEM
    • Saner Mail Settings
      • How to create new mail settings in Saner?
      • How to use OAuth-enabled authentication in Saner mail settings
      • How to create OAuth Client ID and Client Secret for Gmail
      • How to create OAuth Client ID and Client Secret for Microsoft 365.
  • Supported OSs and Platforms
    • Operating Systems and Platforms Supported
    • Supported Third-party Applications for Patching

Saner Cloud

  • Before You Begin
    • Glossary of Terms
    • Read me First
  • Get Started
    • Prerequisites For Saner SaaS Platform Deployment
    • Saner Cloud Deployment Guides
      • Azure Onboarding
      • Troubleshooting
      • Get Started with Saner CNAPP AWS Cloud Deployment V1.0
      • Onboarding with AWS Credentials(Least Recommended Method)
      • Onboarding with AWS Role(Manual)
      • Onboarding with AWS Role CloudFormation (Automatic): Recommended
    • Roles and Permissions
      • Roles and Permissions for AWS Remediation Access
      • Roles and Permissions for Azure Onboarding, Detection, and Remediation
  • Learn About
    • Remediation Rollback
    • Automation and Job-driven Remediation
    • Cost and Usage
    • Excessive Permission Categories Evaluated Across Different Cloud Services
    • Publicly Accessible Resources
    • Patch Aging and Patch Impact
    • SecPod Default Benchmarks
    • Watchlists
    • Cloud Workload Protection Platform(CWPP)
    • Overview of Report Views in Saner Cloud
    • Whitelisting Resources
    • Saner Plasma AI Assistant for Seamless User Interaction
    • Critical Events to Monitor in AWS
    • High-Privilege Actions in Critical Activity Logs for AWS
    • Audit Logs in Saner Cloud
    • Excessive Permissions
    • Alerts in SanerCloud
  • User Guides
    • Cloud Cyber Hygiene Score(CCHS) User Guide
    • Cloud Security Remediation Management(CSRM) User Guide
    • Cloud Infrastructure Entitlement Management(CIEM) User Guide
    • Cloud Security Posture Anomaly(CSPA) User Guide
    • Cloud Security Asset Exposure(CSAE) User Guide
    • Cloud Security Posture Management(CSPM) User Guide
  • Tell Me How
    • How to Remediate in Saner Cloud?
    • How to Configure Automation Rule to Remediate Misconfigurations?
    • How to Manage Report Views at Organization-level in Saner Cloud?
    • How to Get a Cohesive View from Saner Cloud Unified Dashboard?
    • How to Use Tags to Quickly Filter Resources?
    • How to Troubleshoot Issues with Audit Logs?
    • How to Manage Groups and Tags in Saner Cloud?
    • How to Manage Report Views for a User Account in Saner Cloud?
    • How to Troubleshoot or Analyze with Critical Activity Logs?
    • How to Setup Alerts Across SanerCloud Tools?
    • How to Take Action on Alert Notifications from SanerCloud?
    • CSPM
      • How to Setup Benchmarks in Saner CSPM?
      • How to Use Quick Evaluation Benchmarks?
      • How to Detect Patterns over a Period with Resource Trends?
      • How to Assess System Compliance and Security Posture?
    • CSPA
      • How to Initiate Patch Remediation from CSPA Dashboard?
      • How to Quickly Identify the Detected and Remediated Anomalies for an Account?
      • How to Prioritize Remediation or Fixes based on Confidence Levels?
      • How to Examine the Overall Anomaly Information for Specific Rules or Checks?
      • How to Search and Retrieve Anomaly Data?
      • How to Whitelist Rules or Resources in Cloud Security Scans?
    • CIEM
      • How to See the Active Version for an IAM Policy?
      • How to Address Critical Activities Using Evidence?
      • How to View by Type and Usage for any Identity in CIEM?
      • How to Get Visibility into Cloud Entitlements?
      • How to Use Evidence to Address Policies with Excessive Permission?
      • How to Know the Excessive Permissions on a Specific Service?
      • How to Visually See the Relationship between Identity, Entitlement, Policy, or Permission?
      • How to Determine if a Policy has Excessive Permission?
      • How to Initiate Remediation for Different Identities from CIEM?
    • CSRM
      • Rollback an Applied Remediation
      • How to Configure Automation Rule to Remediate Misconfigurations?
      • How to Create a Patching Task for Items Currently in “Approval Pending” State?
      • How to Evaluate Remediation Effort with Patching Impact Chart?
      • How to Prioritize and Address Older or High-Risk Anomalies with Patch Aging?
      • How to Monitor the Overall Status of the Remediation Job?
      • How do I Get to Know the Regions Impacted by a Specific Rule?
      • How to View the Severity of a Missing Patch Affected by a Rule?
      • How to Address Missing Patches Via Remediation Tasks?
      • How to Quickly Access the Necessary Tool for Remediation and Begin Patching Tasks?
    • CSAE
      • How to Setup Watchlist Configuration for a Resource?
      • How to Identify Outdated Resources for Cleanup?
      • How does Resource Categorization Work in Saner CSAE?
      • How to Identify Resources Exposed to External Network?
      • How to Understand the Resource Footprint Globally Across Various Regions?
      • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
  • Frequently Asked Questions
    • Saner Cloud Technical FAQs
  • Saner Cloud Release Notes
    • Saner Cloud – V.1.2.0.0 Release Notes
    • Saner Cloud – V.1.1.0.0 Release Notes
    • Saner Cloud – V.1.1 Release Notes
    • Saner Cloud – V.1.0 Release Notes
  • Security Intelligence for Saner Cloud
    • Benchmark Compliance Rules in AWS and Azure
      • Azure
        • NIST 800-53 Revision Rules in Azure
          • NIST 800-53 Revision 5 Rules in Azure: An Overview
          • Understand NIST 800-53 Revision 5 Rules in Azure
          • Understand NIST 800-53 Revision 5 Global Rules in Azure
          • Understand NIST 800-53 Revision 5 Regional Rules in Azure
        • SecPod Rules in Azure
          • SecPod Default Rules in Azure: An Overview
          • Understand SecPod Global Rules in Azure
          • Understand SecPod Regional Rules in Azure
          • Understand SecPod Default Rules in Azure
        • HIPAA HITRUST Rules in Azure
          • HIPAA HITRUST Rules in Azure: An Overview
          • Understand HIPAA HITRUST 14.7.0 Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Global Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Regional Rules in Azure
        • PCI DSS Rules in Azure
          • PCI DSS 3.2.1 Rules in Azure: An Overview
          • Understand PCI DSS 4.0 Rules in Azure
          • Understand PCI DSS 4.0 Global Rules in Azure
          • Understand PCI DSS 4.0 Regional Rules in Azure
        • SOC 2 Rules in Azure
          • SOC 2 Rules in Azure: An Overview
          • Understand SOC2 Rules in Azure
          • Understand SOC2 Global Rules in Azure
          • Understand SOC2 Regional Rules in Azure
        • CIS Rules in Azure
          • CIS Rules in Azure: An Overview
          • Understand CIS 1.2.0 Rules in Azure
          • Understand CIS 2.1.0 Rules in Azure
          • Understand CIS 1.1.0 Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Benchmark Compliance Rules in Azure
          • Understand CIS 1.2.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Regional Benchmark Compliance Rules in Azure
      • AWS
        • SecPod Rules in AWS
          • SecPod Default Rules in AWS: An Overview
          • Understand SecPod Default Rules in AWS
          • Understand SecPod Global Rules in AWS
          • Understand SecPod Regional Rules in AWS
        • PCI DSS 3.2.1 Rules in AWS
          • PCI DSS 3.2.1 Rules in AWS: An Overview
          • Understand PCI DSS 3.2.1 Rules in AWS
          • Understand PCI DSS 3.2.1 Global Rules in AWS
          • Understand PCI DSS 3.2. 1 Regional in AWS
        • CIS Rules in AWS
          • CIS Rules in AWS: An Overview
          • Understand CIS Rules in AWS
          • Understand CIS 3.0.0 Rules in AWS
          • Understand CIS 4.0.1 Rules in AWS
          • Understand CIS 4.0.0 Rules in AWS
          • Understand CIS 3.0.0 Global Rules in AWS
          • Understand CIS 4.0.0 Global Rules in AWS
          • Understand CIS 3.0.0 Regional Rules in AWS
          • Understand CIS 4.0.0 Regional Rules in AWS
        • HIPAA HITRUST Rules in AWS
          • HIPAA HITRUST Rules in AWS: An Overview
          • Understand HIPAA HITRUST Rules in AWS
          • Understand HIPAA HITRUST Global Rules in AWS
          • Understand HIPAA HITRRUST Regional Rules in AWS
        • NIST 800-53 Revision 5 Rules in AWS
          • NIST 800-53 Revision 5 Rules in AWS: An Overview
          • Understand NIST 800-53 Revision 5 Rules in AWS
          • Understand NIST 800-53 Revision 5 Global Rules in AWS
          • Understand NIST 800-53 Revision 5 Regional Rules in AWS
        • SOC 2 Rules in AWS
          • SOC 2 Rules in AWS: An Overview
          • Understand SOC 2 Rules in AWS
          • Understand SOC 2 Global Rules in AWS
          • Understand SOC 2 Regional Rules in AWS
    • Posture Anomaly Checks in AWS and Azure
      • Implementing Posture Anomaly Checks in AWS
      • Implementing Posture Anomaly Checks in Azure
    • Infrastructure Entitlement Checks in AWS and Azure
      • Implementing Infrastructure Entitlement Checks in Azure
      • Implementing Infrastructure Entitlement Checks in AWS

Saner CVEM

  • Saner CVEM Release Notes
    • Release Notes Saner 6.5
    • Saner Platform Integration Release: ServiceNow Integration Introduced, Freshservice Enhanced
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • SanerNow Risk Prioritization Launch
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner CVEM Guide
    • What’s New in Saner CVEM?
    • Getting Started with Saner CVEM
    • Pre-requisites for Saner CVEM Deployment
    • How does Saner CVEM’s deployment architecture work?
  • Saner CVEM Products
    • Overview of Saner Continuous Vulnerability and Exposure Management
    • Saner CVEM Unified Dashboard User Guide
    • Saner CVEM Asset Exposure User Guide
    • Saner CVEM Continuous Posture Anomaly Management User Guide
    • Data Points IT teams can Fetch from Saner CPAM
    • Posture Anomaly Computation Rules
    • Saner CVEM Vulnerability Management User Guide
    • Saner CVEM Compliance Management User Guide
    • Saner CVEM Risk Prioritization User Guide
    • Saner CVEM Patch Management User Guide
    • Saner CVEM Endpoint Management User Guide
    • Saner CVEM Remote Scripting User Guide
    • Saner CVEM Remote Access User Guide
    • Saner CVEM Network Scanner User Guide
    • Saner CVEM Cyber Hygiene Score User Guide
  • How Tos
    • Saner AE
      • How to blacklist and whitelist applications in Saner AE?
      • How to manage asset licenses using Saner AE?
      • How to run an asset scan using Saner AE?
    • Saner CPAM
      • How to create new response in PA tool?
      • How to build your own detection and response in PA tool?
      • How to whitelist an entire PA ID?
      • How to configure Posture Anomaly tool for custom detection?
      • How to fix Anomalies from PA dashboard?
      • How to fix anomalies detected in your account from All Anomalies Page?
      • How to fix anomalies from PA Summary page?
      • How to delete PA scan preferences?
      • How to schedule PA Scans on Daily, Weekly, and Monthly basis?
      • How to launch Posture Anomaly scans?
    • Saner CM
      • How to run a compliance scan?
      • How to custom create a security policy?
      • How to align with PCI security compliance management?
      • How to align with NIST 800-171 security compliance management?
      • How to align with NIST 800-53 security compliance management?
      • How to align with HIPAA security compliance management using Saner CM?
    • Saner VM
      • How to automate and schedule vulnerability scans?
      • How to exclude vulnerabilities in Saner VM tool
      • How to manage excluded vulnerabilities in Saner VM?
      • How to remediate vulnerabilities from vulnerability management dashboard?
    • Saner PM
      • How to fix firmware in Saner?
      • How to exclude patches in Saner PM?
      • How to manage excluded patches in Saner PM?
      • How to automate patch management in Saner PM?
      • How to roll back patches in Saner PM?
      • How to specify Service Level Agreement (SLA) using Remediation SLA in Saner PM?
      • How to apply missing patches in Saner PM?
      • How to apply the most critical patches in Saner PM?
      • How to perform custom remediation for applications that require paid patches using Saner PM
      • How to check the status of patching activity?
    • Saner EM
      • How to collect all security events from Windows Events Log?
      • How to check password policy set in Windows systems?
      • How to check status of DEP in Windows systems?
      • How to check faulty Anti-Virus (AV) status in Windows systems?
      • How to check for Anti-Virus (AV) status in Windows systems?
      • How to check account lockout policy on Windows systems?
      • How to check if Bit-locker protection is OFF in Windows systems?
      • How to list all inactive users on Windows systems?
      • How to list all guest accounts in Windows systems?
      • How to list all Administrator accounts on Windows systems?
      • How to list last-logon details of users on Windows systems?
      • How to identify all users in Windows systems?
      • How to collect all services that are currently running in Windows systems?
      • How to list all Groups in Windows systems?
      • How to collect all keyboard and pointing devices connected to Windows systems?
      • How to collect all storage devices connected to Windows systems?
      • How to investigate total RAM or CPU threshold (greater than or equal to 80%) in Windows systems?
      • How to collect operating systems information in Windows?
      • How to investigate disks running out of space (<100 MB) in Windows systems?
      • How to collect and investigate disk information on Windows systems?
      • How to collect all installed patches in Windows systems?
      • How to collect all software patches that are hidden in the Windows Update server?
      • How to check the status of Windows Update Server (WSUS/SCCM)?
      • How to collect BIOS information such as serial number, version, manufacturer in Windows systems?
      • How to collect all the important missing patches in Windows systems?
      • How to check wireless security in Linux systems?
      • How to collect mounted disk information on Linux systems?
      • How to check wireless signal quality in Linux systems?
      • How to check all firewall policies on Linux systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Linux systems?
      • How to collect DNS information on Linux systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing in Linux?
      • How to check wireless signal quality in Windows systems?
      • How to check wireless security in Windows systems?
      • How to collect all open ports in Windows systems?
      • How to collect all network interfaces in Windows systems?
      • How to investigate DNS cache on Windows systems?
      • How to check all firewall policies on Windows systems?
      • How to collect DNS information on Windows systems?
      • How to collect all the applications with an unknown publisher in Linux systems?
      • How to perform system tuning?
      • How to collect all software licenses in Windows systems?
      • How to identify potentially unwanted programs such as torrent downloaders or unnecessary toolbars running on Windows systems?
      • How to collect a list of applications that are started when you boot your computer?
      • How to collect all the applications with an unknown publisher in Windows systems?
      • How to collect all software licenses in Mac systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing Windows?
      • How to collect all families of operating systems such as Windows, Unix, and macOS?
      • How to collect environment variables set in all operating systems?
      • How to collect all the applications with an unknown publisher in Mac systems?
      • How to delete and quarantine a file?
      • How to start and stop the processes in Saner?
      • How to block blacklisted applications in Saner?
      • How to enable/disable devices in Saner
      • How to manually import devices into Saner?
      • How to deploy software in Saner EM?
      • How to enable and disable firewall settings in Saner AE?
      • How to collect all shared resources on Windows systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Windows systems?
      • How to connect to a client machine graphically using Saner Remote Access
  • FAQs
    • Saner CVEM Technical FAQs

Security Intelligence

  • Overview of Security Content and Intelligence
  • Security Content Statistics
  • OVAL Definitions Platform Coverage
  • OVAL Definitions Class-wise Distribution
  • OVAL Definitions Family-wise Distribution
  • Application and OS Remediation Coverage
  • Compliance Benchmark Coverage
  • List of Vulnerability to Exploit/Malware Mapping covered in Saner
  • Network Scanner Product Support Matrix
  • Privilege levels for authenticated scans using Saner Network Scanner
View Categories
  • Home
  • Docs
  • Saner Cloud
  • User Guides
  • Cloud Cyber Hygiene Score(CCHS) User Guide

Cloud Cyber Hygiene Score(CCHS) User Guide

Print Friendly, PDF & Email

Saner Cloud offers a comprehensive Cyber Hygiene Scoring (CCHS) framework designed to help organizations measure and monitor their cloud security posture. The scoring consists of three components: Raw Score, Global Score, and Local Score, which together provide a complete assessment of risks across cloud environments.

To get started, users can access CHS from the CNAPP Infra(organization) or account level dashboards to gain deeper insights. At the organizational level, users can track their overall security posture, review cyber hygiene across various accounts, assess risk distribution among different cloud providers, and more. At the account level, users can access detailed insights, including the distribution of cyber hygiene scores across cloud environments, module-wise risk analysis, key issues leading to score decreases, security details at the resource level, and more.

Saner Cloud also enables organizations to analyze risks from multiple perspectives. This includes identifying high-risk resources based on their geo-location, evaluating service-level risks through CHS scores, assessing resource health by severity, monitoring trends in resource risk, and analyzing changes in cyber hygiene scores over time. These features allow organizations to identify vulnerabilities, prioritize remediation efforts, and effectively strengthen their overall cloud security posture.

Follow the links to perform the requisite action from the organization or account level dashboard views.

Organization Level

  • Cyber Hygiene Score
  • CHS based on Cloud Provider
  • Cyber Hygiene Trend
  • CHS Account Overview
  • Resources Severity Distribution
  • Risk Percentage based on Resource Category

Account Level

  • Cyber Hygiene Score
  • CHS Distribution
  • Cyber Hygiene Trend
  • CHS Resource Overview
  • Resources Severity Distribution
  • Risk Percentage based on Resource Category
  • Top 10 Services by Risk
  • Resource Risk Trend
  • Concerning Resources Based on Geo Locations
  • Top 5 Contributors

Saner Cloud Cyber Hygiene Scoring Approach

The Cyber Hygiene Score framework utlilizes three key scoring mechanisms: Raw Score, Global Score, and Local Score, to assess the security posture of a resource.

Here’s a quick look at each of these scoring mechanisms:

Raw Score

A Raw Score is a measure of a resource’s total attack surface that is independent of context. It is calculated across four dimensions: misconfigurations (Cloud Security Posture Management – CSPM), posture anomalies (Cloud Security Posture Anomaly – CSPA), missing patches (Cloud Security Risk Management – CSRM), and identity-related issues (Cloud Infrastructure Entitlement Management – CIEM). The score can theoretically range from 0 to infinity. Users have the flexibility to assign custom weightings to each dimension, with the default setting being 25% for each. A higher Raw Score indicates greater exposure and lower security for the resource.

Global Score

The Global Score is a standardized metric that is derived from the Raw Score and is inversely related to it. It ranges from 0 to 100, but in practice, it usually falls between 0.96 and 99.6. A higher Raw Score leads to a lower Global Score, indicating a decrease in the security of the resource.

A score of 100 is deliberately excluded, as no resource can ever be considered 100% secure in real-world scenarios.

Local Score

Local Score is a percentile-based metric that reflects a resource’s security posture in relation to other similar resources within a specific account. It is derived from an inverse transformation of the Raw Score, meaning that as the Raw Score increases, the Local Score decreases, indicating weaker security. Since the Local Score is dependent on the account, the same resource can have different Local Scores across different accounts. The most secure resource is assigned a score of 100, while the least secure receives a score of 0.

Get Started

Saner Cloud offers easy access to the Cyber Hygiene Score (CCHS) through various dashboards, allowing organizations to quickly assess their security posture. Users can view the score from either the Organization-Level (or Infra Dashboard) by clicking on the Cyber Hygiene Score view, which provides a comprehensive overview of security across the enterprise. Additionally, the score can be accessed from the Account-Level Dashboard for more detailed insights related to a specific account. This flexibility ensures that both high-level organizational trends and detailed account-level information are readily available for continuous security monitoring.

Access CCHS from the CNAPP Infra(Organization) Dashboard

To access CCHS, just go ahead and click the Cyber Hygiene Score view from the CNAPP Infra(Organization) dashboard.

CNAPP Infra Dashboard

Access CCHS from the Overall Account-Level Dashboard

To access CCHS, just go ahead and click the Cyber Hygiene Score view from the Account-level dashboard.

Configure Account Weightage

The Account Weightage Configuration in CHS helps specify how different risk dimensions, such as Identities & Entitlements, Posture Anomalies, Misconfigurations, and Missing Patches, affect the overall score.

By adjusting these weightings, organizations can align their Cyber Hygiene Score with their security priorities, ensuring an accurate representation of risk. This approach helps direct remediation efforts toward the most significant areas, ultimately making the CHS a more tailored and actionable measure of security posture.

Configure Current and New Weightage for CHS

The Manual option in Account Weightage Configuration allows administrators to assign custom weightage to key risk dimensions such as Identities & Entitlements, Posture Anomalies, Misconfigurations, and Missing Patches.

It is essential that the total weightage adds up to 100. In-order to do this, see the Current weightage and accordingly adjust the New Weightage, increase or decrease a numeric value using the up and down arrow buttons, or enter a number directly into the field and save your settings.

Assign Weightages Using the Slider

To assign the weightage from the Auto option, just move the slider corresponding to risk dimensions, such as Identities & Entitlement, Posture Anomalies, Misconfigurations, and Missing Patches, and save your settings.

Explore the Dashboard Views at Organization and Account Levels

Saner Cloud offers comprehensive dashboard views that enable you to monitor, analyze, and enhance your organization’s overall security posture. At the organizational level, the dashboard highlights key metrics, including the overall Cyber Hygiene Score (CHS), its distribution across cloud providers, trend analysis, account-level overviews, resource severity distribution, and risk percentages by resource categories.

At the account level, the dashboard provides deeper insights into individual accounts, showcasing CHS distribution, hygiene trends, detailed resource overviews, severity breakdowns, category-wise risk percentages, and critical risk indicators. These indicators include the top 10 services by risk, resource risk trends, concerning resources based on geolocation, and the top 5 contributors affecting the score.

This dual-level visibility allows security teams to monitor posture both comprehensively at the organizational level and in detail at the account level, facilitating proactive and informed risk management.

Take a Glance at the Organization-Level Dashboard
Take a Glance at the Account-Level Dashboard

Track Security Posture with Cyber Hygiene Score

The Cyber Hygiene Score (CHS) in Saner Cloud allows you to continuously monitor and assess the security posture. By offering measurable insights into cloud security health, the CHS tool aids in identifying risks, tracking improvements, and ensuring proactive compliance at both the organization-level and account-level.

Cyber Hygiene Score at Organization Level

The Cyber Hygiene Score dashboard view displays the organization’s overall CHS as a weighted average of accessible account scores. The 0–100 scale offers a clear view of the current security posture.

The gauge features a color gradient ranging from red (indicating a low score) to green (indicating a high score), with 50 marking the midpoint.

Cyber Hygiene Score at Account Level

Displays the Cyber Hygiene Score trend over the past 30days.

At the account level, the score for the current week shows an increase or decrease of +x OR -x points compared to previous measurement period, reflecting the change in the overall cybersecurity posture.

What does increase(+x) in CHS indicate?

The positive score in the Cyber Hygiene Score indicates that your organization’s overall security posture has improved compared to the previous measurement period.

A positive change in the Cyber Hygiene Score indicates an improved security posture, typically achieved by addressing vulnerabilities or misconfigurations, applying necessary security patches, enhancing access controls, eliminating insecure or unused assets, and adopting recommended security best practices.

In summary, higher score indicates reduced risk exposure and better alignment with cybersecurity standards.

What does decrease(-x) in CHS indicate?

The negative indicates a decline in cybersecurity posture, signalling the need for immediate investigation and remediation.

Additionally, there is an option to export data in CSV format for detailed analysis.

How does Saner Cloud Compute the Cyber Hygiene Score?

The Cyber Hygiene Score (CHS) for a resource is calculated as a weighted average of its Global Score and Local Score, with default weightings of 80% for the Global Score and 20% for the Local Score. The Global Score indicates the overall security posture of a resource, while the Local Score evaluates it in comparison to similar resources within the same account. Together, these scores provide a comprehensive view of both absolute and relative security. The CHS typically ranges from 0.96 to 99.6, with higher scores signifying stronger security hygiene.

View the Cyber Hygiene Score Distributed Across Cloud Environments

The CHS based on Cloud Provider chart illustrates how these scores are distributed across different cloud environments(AWS and Azure) within your organization.

At Organization Level

Each provider is represented by its corresponding score, making it easy to compare the security posture of each platform. This visualization helps identify which environments are performing well and which ones need further attention to enhance overall cloud security hygiene.        

Analyze Module-Wise Risk Through CHS Distribution

The CHS Distribution presented as a Radar Chart illustrates the relative contributions of different modules, such as CIEM, CSPM, and CSRM to the organization’s overall risk posture.

At Account Level

When you hover your cursor over the chart, the data point for the selected tool highlights, displaying its score marked by a red dot and further detailed in a tooltip. Each axis of the chart represents a specific security module, and the plotted points (for example, CIEM with a CHS Score of 4.43) indicates the strength or weakness in that particular area.

By visualizing the modules in this way, the chart highlights which areas contribute the most to potential attack vectors. It helps identify imbalances, weak points, and priority areas for remediation within the Cyber Hygiene framework.

The concentric levels on the chart represent different score ranges, facilitating a quick visual comparison of performance across tools.

Additionally, there is an option to download the data in CSV format.

To gain deeper insight into the factors(misconfigurations, identities, posture anomalies, and missing patches) contributing to bringing down the CHS score of the account, refer to the section: Top 5 Contributors for the decrease in cyber hygiene score.

Review Major Issues Contributing to the Drop of Cyber Hygiene Score at Account-Level

The dashboard block outlines the Top 5 Contributors for the decrease in cyber hygiene score.

At Account Level

Issues display in a tabular format based on the Misconfigurations, Identities & Entitlement, Posture Anomalies, or Missing Patches that you choose.

ColumnDescription
ID Id corresponding to the relevant tool
TitleBrief title of the issue
SeveritySeverity level of the issue. The severity classifications are categorized as Critical, High, Medium, and Low allowing for effective prioritization of remediation efforts
ResourcesImpacted resources for the corresponding service
ServicesAffected Cloud Service
FixClick the Fix icon redirects to the corresponding tool for remediation

Additionally, the table offers search, navigation, and CSV export options to facilitate streamlined analysis and reporting.

Assess Risk Distribution for Different Cloud Providers

Saner Cloud allows organizations to evaluate the distribution of risks across various cloud providers at both the organizational and account levels. At the organizational level, it offers a consolidated view of risks across all connected providers, helping to provide a comprehensive understanding of the overall security posture. At the account level, it delivers a detailed breakdown of risks within individual accounts, enabling security teams to identify and effectively address specific vulnerabilities.

At Organization Level

The Risk Percentage based on Resource Category chart utilizes a heat map to illustrate the proportion of risk associated with various types of resources across AWS and Azure.

At Account Level

The Risk Percentage by Resource Category chart utilizes a heat map to illustrate the proportion of risk associated with various types of resources, including Compute, Databases, Networking & Content Delivery, Analytics, Security & Compliance, and Storage.

Each block in the chart represents a resource category, with its size and shading indicating the relative level of risk. For example, Databases account for 4.0% of the overall risk.

This visualization effectively highlights which categories contribute most to organizational risk, allowing for better prioritization of remediation efforts across different resource types.

Review Organization-Level Cyber Hygiene Across Accounts

At Organization Level

The CHS Account Overview table provides an organization-level view of Cyber Hygiene Scores across multiple cloud accounts. It compares these accounts by detailing their cloud provider, CHS score, risk status, number of poor(critical) resources, total resource count, regions covered, and last scan details.

For instance, the AWS account has a CHS score of 75, which falls under medium risk severity and has 897 poor(critical) resources. In comparison, the Azure account has a CHS score of 92, indicating low risk status, with 59 poor(critical) resources. This overview enables organizations to identify which accounts have stronger or weaker security hygiene, prioritize their remediation efforts, and maintain a balanced security posture across their environments.

Get an Overview of Cyber Hygiene for Cloud Resources

At Account Level

The CHS Resource Overview table provides a comprehensive list of cloud resources, including their IDs, names, associated services, regions, public accessibility status, and security posture scores.

The table displays both local and global scores, along with an overall Cyber Hygiene Score that features color-coded indicators for quick risk assessment.

Resources with lower CHS values, for example, the resource located in the ap-northeast-1 region with a cyber hygiene score of 4, indicate areas that require immediate attention. This information allows teams to focus their remediation efforts on the most vulnerable resources.

View Detailed Information of Selected Resource’s Security Posture

Clicking on a Cyber Hygiene Score in the CHS Resource Overview view opens a pop-up that displays detailed information about the selected resource’s security posture. This pop-up features a visual score gauge, as well as both local and global scores. Key metadata is also included, such as Resource ID, Resource Name, and Service Type. This detailed view allows users to quickly assess the health of individual resources, identify areas of weakness, and prioritize remediation actions to enhance overall cyber hygiene.

Filter Resources with Tags in CHS Resource Overview

In the CHS Resource Overview block, tags act as metadata-based filters that help users organize and refine the displayed resources. By selecting tag categories such as region name, service, group, or cloud provider, and applying specific filter conditions, users can quickly narrow down the resource list to focus on relevant subsets.

This approach enhances the analysis of cyber hygiene scores by isolating critical resources based on factors like geography, service type, or organizational grouping. As a result, it streamlines security assessments and prioritization.

Search in CHS Resource Overview

The Search feature allows users to quickly find specific resources within the CHS Resource Overview table. By entering keywords, resource IDs, or partial strings, the table dynamically filters the results to display only the matching entries.

This functionality helps users easily locate a particular resource or group of resources without the need to manually scan through large datasets.

Identify High-Risk Resources by Geo Location

At Account Level

The Concerning Resources Based on Geo Locations chart highlights regions with the highest risk resources. It shows the distribution of these concerning(critical) resources and services across different regions, resource types, and service types, allowing organizations to evaluate the geographic concentration of risks. This information helps organizations proactively monitor regional risk exposure and take targeted remediation measures if risky resources are identified in specific geographic areas.

Markers on the world map indicate the physical locations of monitored resources, enabling a quick visualization of their geographic distribution across North America, Europe, and Asia. Moving your cursor on any of the dots displays the region, CHS score, total resources type, and total services type available in that specific region.

With zoom controls and the ability to export data as a CSV file, this dashboard block allows security teams to assess regional coverage, identify location-specific risks, and prioritize actions based on the distribution of resources and services.

Analyze Cyber Hygiene Scores Through Trend Chart

The Trend Chart offers a visual representation of Cyber Hygiene Scores (CHS) over time, allowing organizations to monitor and assess their overall security posture. It can be examined at both the organizational and account levels, helping stakeholders identify improvements, risks, and inconsistencies in cyber hygiene.

Analyze Organization-Wide Cyber Hygiene Score Trend

The Cyber Hygiene Trend graph displays the organization’s Cyber Hygiene Score (CHS) tracked over time.

The real-time example of dashboard view communicates that for most of the timeline, specifically from July 30, 2025, to August 25, 2025, the score remains consistently at 0, indicating a lack of measurable security posture or unavailability of data during that period.

On August 26, 2025, there is a significant spike, with the organization’s CHS reaching 85, suggesting an improvement in security hygiene. However, the score quickly drops back to 0 on August 28, 2025, reflecting instability in the organization’s cyber hygiene posture or possible inconsistencies in data collection, remediation, or configuration.

This pattern highlights that the organization’s overall security posture has been weak and inconsistent, with only a brief improvement observed. Continuous monitoring, sustained remediation, and validation are required to maintain a stable and reliable Cyber Hygiene Score over time.

Compare Current and Predicted Trend at Account-Level

The Cyber Hygiene Trend graph displays the account scores over the past 30 days and helps compare the current scores to the predicted scores for the upcoming day.

The real-time example of dashboard view displays the evolution of the account’s security posture over a period.

This trend underscores the vulnerabilities that affected the security posture as well as the success of remediation efforts in restoring cyber hygiene.

Evaluate Service-Level Risks Using CHS Scores

The Top 10 Services by score chart illustrates Cyber Hygiene Scores (CHS) for various services in a bar chart format.

At Account Level

Services with lower scores indicate a higher risk, while those with higher scores demonstrate a stronger security posture.

For instance, the service “ec2” has a CHS score of 87, placing it in the mid-range for risk compared to other services. This visualization enables quick identification of the riskiest services, allowing for prioritized remediation efforts to enhance overall security.

Move your cursor over the bars in the chart to easily identify which services contribute the most to their respective cyber hygiene scores.

Assess Resource Health Through Severity Distribution

The Resources Severity Distribution chart shows how all resources are spread across 4 severity levels: Poor, Fair, Good and Excellent. This provides a quick overview of the overall condition of resources, highlighting areas that are performing well and those that may require closer attention. The chart helps in identifying priorities for improvement while also tracking the proportion of resources maintaining

Review Resource Distribution by Severity Levels at Organization-Level

The Resources Severity Distribution chart  displays the total count of resources categorized into 4 severity levels: Poor, Fair, Good, and Excellent. This visualization provides insights into the overall health and risk profile of organization-level resources. Additionally, this breakdown enables security teams to quickly identify critical areas that require immediate remediation, while also acknowledging the areas that are performing well in terms of cyber hygiene.

Review Resource Distribution by Severity Levels at Account-Level

The Resources Severity Distribution chart  displays the total count of resources categorized into 4 severity levels: Poor, Fair, Good, and Excellent. This visualization provides insights into the overall health and risk profile of account-level resources. Additionally, this breakdown enables security teams to quickly identify critical areas that require immediate remediation, while also acknowledging the areas that are performing well in terms of cyber hygiene.

Monitor Resource Risk Trends for CHS

The Resources Risk Trend graph tracks the movement of resources across various risk categories: Poor, Fair, Good, and Excellent. These transitions impact the overall Cyber Hygiene Score (CHS).

At Account Level

Move your cursor over the data point in the chart to display the latest count for the different risk categories in a tooltip.

This trend analysis is essential for evaluating the effectiveness of remediation efforts, monitoring changes in security posture, and prioritizing actions to enhance the overall cyber hygiene.

You also have an option to export the data into a spreadsheet by clicking the CSV button on the top-right of the block.

Share This Article :

  • X
  • LinkedIn
Still stuck? How can we help?

Saner Documentation Feedback

Table of Contents
  • Saner Cloud Cyber Hygiene Scoring Approach
  • Get Started
  • Configure Account Weightage
  • Explore the Dashboard Views at Organization and Account Levels
    • Track Security Posture with Cyber Hygiene Score
    • View the Cyber Hygiene Score Distributed Across Cloud Environments
    • Analyze Module-Wise Risk Through CHS Distribution
    • Review Major Issues Contributing to the Drop of Cyber Hygiene Score at Account-Level
    • Assess Risk Distribution for Different Cloud Providers
  • Review Organization-Level Cyber Hygiene Across Accounts
  • Get an Overview of Cyber Hygiene for Cloud Resources
  • Identify High-Risk Resources by Geo Location
  • Analyze Cyber Hygiene Scores Through Trend Chart
  • Evaluate Service-Level Risks Using CHS Scores
  • Assess Resource Health Through Severity Distribution
  • Monitor Resource Risk Trends for CHS
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.5.x