Third Party

An additional enhancement to Tenable One scoring is the ability to import certain third party data into Tenable One. Because Tenable considers assets with at least one vulnerability to be licensed, Tenable One calculates a Third Party Asset Exposure Score (AES) for these assets.

Vulnerability Priority Rating

At this time, Tenable One only imports CVE information from weaknesses found on Third Party assets. Because Tenable One already scores CVEs within the existing Vulnerability Priority Rating (VPR) algorithm, all imported weaknesses have a VPR.

Asset Criticality Rating

The Asset Criticality Rating (ACR) rates the criticality of an asset to the organization. An asset’s ACR is expressed as an integer from 1 to 10, with higher values corresponding to the asset being more critical to the business.

Initially, Tenable One gives Third Party assets a default exposure score of 5 unless the asset also belongs to another Exposure Class. In the future, the Global Asset Profile (GAP) algorithm will be extended to include Third Party assets. At that time, Third Party asset ACR will be determined based on the information gathered from that algorithm.