Cloud Cyber Hygiene Score(CCHS) User Guide

A Raw Score is a measure of a resource’s total attack surface that is independent of context. It is calculated across four dimensions: misconfigurations (Cloud Security Posture Management – CSPM), posture anomalies (Cloud Security Posture Anomaly – CSPA), missing patches (Cloud Security Risk Management – CSRM), and identity-related issues (Cloud Infrastructure Entitlement Management – CIEM). The score can theoretically range from 0 to infinity. Users have the flexibility to assign custom weightings to each dimension, with the default setting being 25% for each. A higher Raw Score indicates greater exposure and lower security for the resource.

The Global Score is a standardized metric that is derived from the Raw Score and is inversely related to it. It ranges from 0 to 100, but in practice, it usually falls between 0.96 and 99.6. A higher Raw Score leads to a lower Global Score, indicating a decrease in the security of the resource.

A score of 100 is deliberately excluded, as no resource can ever be considered 100% secure in real-world scenarios.

Local Score is a percentile-based metric that reflects a resource’s security posture in relation to other similar resources within a specific account. It is derived from an inverse transformation of the Raw Score, meaning that as the Raw Score increases, the Local Score decreases, indicating weaker security. Since the Local Score is dependent on the account, the same resource can have different Local Scores across different accounts. The most secure resource is assigned a score of 100, while the least secure receives a score of 0.

To access CCHS, just go ahead and click the Cyber Hygiene Score view from the CNAPP Infra(Organization) dashboard.

CNAPP Infra Dashboard

To access CCHS, just go ahead and click the Cyber Hygiene Score view from the Account-level dashboard.

The Manual option in Account Weightage Configuration allows administrators to assign custom weightage to key risk dimensions such as Identities & Entitlements, Posture Anomalies, Misconfigurations, and Missing Patches.

It is essential that the total weightage adds up to 100. In-order to do this, see the Current weightage and accordingly adjust the New Weightage, increase or decrease a numeric value using the up and down arrow buttons, or enter a number directly into the field and save your settings.

To assign the weightage from the Auto option, just move the slider corresponding to risk dimensions, such as Identities & Entitlement, Posture Anomalies, Misconfigurations, and Missing Patches, and save your settings.

The Cyber Hygiene Score dashboard view displays the organization’s overall CHS as a weighted average of accessible account scores. The 0–100 scale offers a clear view of the current security posture.

The gauge features a color gradient ranging from red (indicating a low score) to green (indicating a high score), with 50 marking the midpoint.

Displays the Cyber Hygiene Score trend over the past 30days.

At the account level, the score for the current week shows an increase or decrease of +x OR -x points compared to previous measurement period, reflecting the change in the overall cybersecurity posture.

What does increase(+x) in CHS indicate?

The positive score in the Cyber Hygiene Score indicates that your organization’s overall security posture has improved compared to the previous measurement period.

A positive change in the Cyber Hygiene Score indicates an improved security posture, typically achieved by addressing vulnerabilities or misconfigurations, applying necessary security patches, enhancing access controls, eliminating insecure or unused assets, and adopting recommended security best practices.

In summary, higher score indicates reduced risk exposure and better alignment with cybersecurity standards.

What does decrease(-x) in CHS indicate?

The negative indicates a decline in cybersecurity posture, signalling the need for immediate investigation and remediation.

Additionally, there is an option to export data in CSV format for detailed analysis.

The Cyber Hygiene Score (CHS) for a resource is calculated as a weighted average of its Global Score and Local Score, with default weightings of 80% for the Global Score and 20% for the Local Score. The Global Score indicates the overall security posture of a resource, while the Local Score evaluates it in comparison to similar resources within the same account. Together, these scores provide a comprehensive view of both absolute and relative security. The CHS typically ranges from 0.96 to 99.6, with higher scores signifying stronger security hygiene.

Each provider is represented by its corresponding score, making it easy to compare the security posture of each platform. This visualization helps identify which environments are performing well and which ones need further attention to enhance overall cloud security hygiene.        

When you hover your cursor over the chart, the data point for the selected tool highlights, displaying its score marked by a red dot and further detailed in a tooltip. Each axis of the chart represents a specific security module, and the plotted points (for example, CIEM with a CHS Score of 4.43) indicates the strength or weakness in that particular area.

By visualizing the modules in this way, the chart highlights which areas contribute the most to potential attack vectors. It helps identify imbalances, weak points, and priority areas for remediation within the Cyber Hygiene framework.

The concentric levels on the chart represent different score ranges, facilitating a quick visual comparison of performance across tools.

Additionally, there is an option to download the data in CSV format.

To gain deeper insight into the factors(misconfigurations, identities, posture anomalies, and missing patches) contributing to bringing down the CHS score of the account, refer to the section: Top 5 Contributors for the decrease in cyber hygiene score.

Issues display in a tabular format based on the Misconfigurations, Identities & Entitlement, Posture Anomalies, or Missing Patches that you choose.

Additionally, the table offers search, navigation, and CSV export options to facilitate streamlined analysis and reporting.

The Risk Percentage based on Resource Category chart utilizes a heat map to illustrate the proportion of risk associated with various types of resources across AWS and Azure.

The Risk Percentage by Resource Category chart utilizes a heat map to illustrate the proportion of risk associated with various types of resources, including Compute, Databases, Networking & Content Delivery, Analytics, Security & Compliance, and Storage.

Each block in the chart represents a resource category, with its size and shading indicating the relative level of risk. For example, Databases account for 4.0% of the overall risk.

This visualization effectively highlights which categories contribute most to organizational risk, allowing for better prioritization of remediation efforts across different resource types.

The CHS Account Overview table provides an organization-level view of Cyber Hygiene Scores across multiple cloud accounts. It compares these accounts by detailing their cloud provider, CHS score, risk status, number of poor(critical) resources, total resource count, regions covered, and last scan details.

For instance, the AWS account has a CHS score of 75, which falls under medium risk severity and has 897 poor(critical) resources. In comparison, the Azure account has a CHS score of 92, indicating low risk status, with 59 poor(critical) resources. This overview enables organizations to identify which accounts have stronger or weaker security hygiene, prioritize their remediation efforts, and maintain a balanced security posture across their environments.

The CHS Resource Overview table provides a comprehensive list of cloud resources, including their IDs, names, associated services, regions, public accessibility status, and security posture scores.

The table displays both local and global scores, along with an overall Cyber Hygiene Score that features color-coded indicators for quick risk assessment.

Resources with lower CHS values, for example, the resource located in the ap-northeast-1 region with a cyber hygiene score of 4, indicate areas that require immediate attention. This information allows teams to focus their remediation efforts on the most vulnerable resources.

Clicking on a Cyber Hygiene Score in the CHS Resource Overview view opens a pop-up that displays detailed information about the selected resource’s security posture. This pop-up features a visual score gauge, as well as both local and global scores. Key metadata is also included, such as Resource ID, Resource Name, and Service Type. This detailed view allows users to quickly assess the health of individual resources, identify areas of weakness, and prioritize remediation actions to enhance overall cyber hygiene.

In the CHS Resource Overview block, tags act as metadata-based filters that help users organize and refine the displayed resources. By selecting tag categories such as region name, service, group, or cloud provider, and applying specific filter conditions, users can quickly narrow down the resource list to focus on relevant subsets.

This approach enhances the analysis of cyber hygiene scores by isolating critical resources based on factors like geography, service type, or organizational grouping. As a result, it streamlines security assessments and prioritization.

The Search feature allows users to quickly find specific resources within the CHS Resource Overview table. By entering keywords, resource IDs, or partial strings, the table dynamically filters the results to display only the matching entries.

This functionality helps users easily locate a particular resource or group of resources without the need to manually scan through large datasets.

The Concerning Resources Based on Geo Locations chart highlights regions with the highest risk resources. It shows the distribution of these concerning(critical) resources and services across different regions, resource types, and service types, allowing organizations to evaluate the geographic concentration of risks. This information helps organizations proactively monitor regional risk exposure and take targeted remediation measures if risky resources are identified in specific geographic areas.

Markers on the world map indicate the physical locations of monitored resources, enabling a quick visualization of their geographic distribution across North America, Europe, and Asia. Moving your cursor on any of the dots displays the region, CHS score, total resources type, and total services type available in that specific region.

With zoom controls and the ability to export data as a CSV file, this dashboard block allows security teams to assess regional coverage, identify location-specific risks, and prioritize actions based on the distribution of resources and services.

The Cyber Hygiene Trend graph displays the organization’s Cyber Hygiene Score (CHS) tracked over time.

The real-time example of dashboard view communicates that for most of the timeline, specifically from July 30, 2025, to August 25, 2025, the score remains consistently at 0, indicating a lack of measurable security posture or unavailability of data during that period.

On August 26, 2025, there is a significant spike, with the organization’s CHS reaching 85, suggesting an improvement in security hygiene. However, the score quickly drops back to 0 on August 28, 2025, reflecting instability in the organization’s cyber hygiene posture or possible inconsistencies in data collection, remediation, or configuration.

This pattern highlights that the organization’s overall security posture has been weak and inconsistent, with only a brief improvement observed. Continuous monitoring, sustained remediation, and validation are required to maintain a stable and reliable Cyber Hygiene Score over time.

The Cyber Hygiene Trend graph displays the account scores over the past 30 days and helps compare the current scores to the predicted scores for the upcoming day.

The real-time example of dashboard view displays the evolution of the account’s security posture over a period.

This trend underscores the vulnerabilities that affected the security posture as well as the success of remediation efforts in restoring cyber hygiene.

Services with lower scores indicate a higher risk, while those with higher scores demonstrate a stronger security posture.

For instance, the service “ec2” has a CHS score of 87, placing it in the mid-range for risk compared to other services. This visualization enables quick identification of the riskiest services, allowing for prioritized remediation efforts to enhance overall security.

Move your cursor over the bars in the chart to easily identify which services contribute the most to their respective cyber hygiene scores.

The Resources Severity Distribution chart  displays the total count of resources categorized into 4 severity levels: Poor, Fair, Good, and Excellent. This visualization provides insights into the overall health and risk profile of organization-level resources. Additionally, this breakdown enables security teams to quickly identify critical areas that require immediate remediation, while also acknowledging the areas that are performing well in terms of cyber hygiene.

The Resources Severity Distribution chart  displays the total count of resources categorized into 4 severity levels: Poor, Fair, Good, and Excellent. This visualization provides insights into the overall health and risk profile of account-level resources. Additionally, this breakdown enables security teams to quickly identify critical areas that require immediate remediation, while also acknowledging the areas that are performing well in terms of cyber hygiene.

Move your cursor over the data point in the chart to display the latest count for the different risk categories in a tooltip.

This trend analysis is essential for evaluating the effectiveness of remediation efforts, monitoring changes in security posture, and prioritizing actions to enhance the overall cyber hygiene.

You also have an option to export the data into a spreadsheet by clicking the CSV button on the top-right of the block.