CVSS scoring

Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema.

Prisma Cloud leverages the CVSS 3.0 scoring system. The CVSS framework captures the principal characteristics of a vulnerability and produces a numerical score that reflects the severity of the vulnerability. CVSS scores range from 0.0 to 10.0. The higher the number, the higher the degree of severity.

Mappings

We only normalize vulnerability ratings for the purpose of creating rules. Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).

The following table maps popular vendor terminology to Prisma Cloud normalized scores:

Vendor terminology	Prisma Cloud score
Unimportant	Low
Unassigned	Low
Negligible	Low
Not yet assigned	Low
Low	Low
Medium	Medium
Moderate	Medium
High	High
Important	High
Critical	Critical

In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST. In addition to the numeric CVSS scores, NVD provides severity rankings of Low, Medium, High, and Critical. These qualitative grades are simply derived from the numeric CVSS scores:

CVSS base score	Prisma Cloud severity
0.0 - 3.9	Low
4.0 - 6.9	Medium
7.0 - 8.9	High
9.0 -10.0	Critical

Document:Prisma Cloud Administrator’s Guide (Compute)

CVSS scoring

CVSS scoring

Mappings

Recommended For You

Document:Prisma Cloud Administrator’s Guide (Compute)

CVSS scoring

CVSS scoring

Mappings

Recommended For You

Recommended Videos