Skip to content

Benchmark score

From the Configurations menu select Security Configurations to view all captured benchmarks from the Nanitor clients (agents and collectors). 

Selecting the Configuration Trends menu item will retrieve more detailed information on the benchmarks available in your environment. It shows the dashboard for benchmarks with a line chart over time for each benchmark. This is very useful information to see how the scoring has been developed over time and is a visualization of the progress that has been made toward hardening the various platforms.

For each benchmark, there is a baseline score (black line) and a benchmark score (orange line). 

How is the benchmark score calculated?

From the compliance report above we can select a benchmark to see what exactly Nanitor checks if the check is considered in the baseline and if the check has been passed (100% score) or failed (0% score). If the check fails Nanitor will raise an issue for each asset where the check is failing.

From the Screenshots above we see that for the specific benchmark Apple OSX Big Sur - Level 1 there are:

  • 60 checks
  • 24 relevant checks. Relevant checks are marked as to be considered in the baseline:
  • 4 fails on checks that are relevant for the baseline
  • 23 fails on all checks regardless of whether they are included in the baseline or not. This number is not displayed on the screen but can be extracted from the csv export for the benchmark details by clicking on the CSV icon. In the exported csv file, you will find a column marked as num_broken

The benchmark score takes all checks into consideration and compares the number of fails against the total number of benchmark checks. That means the score is computed as follows:

100% - (23 fails on all checks /60 total checks * 100%) = 61.67%

How is the baseline score calculated?

The baseline score on takes into consideration the checks that are marked to be included in the baseline. From the numbers above the score is computed as follows:

100% - (4 fails on the relevant checks/ 24 relevant checks * 100%) = 83.33%