RCTS CERT Rating is the characterization in six categories (“A” to “F”) of how RCTS CERT externally analyzes the cybersecurity of RCTS entities’ infrastructures.

A to F Scale

This Rating is not public, and is only communicated to the institution itself included in its Monthly Security Report.

RCTS CERT Rating is determined using a number of parameters including:

  • The number of computer security incidents reported and the time (in days) which they remain unsolved;
  • The number of vulnerabilities;
  • The number of malware events (connections to botnets, etc);
  • The number of copyright infringements reported;
  • Detected defacements;
  • Detections on RCTS datacenters’ intrusion detection systems;
  • IP addresses listed on blocklists;
  • The main DNS domain configuration used by the organisation (DNSSec and inhibiting zone transfer);
  • Domain protection in terms of sending messages (SPF , DKIM and DMARC records);
  • Main webserver configurations (Headers, Server Signature and SSL Certificate);
  • The formalization of a local CSIRT (Computer Security Incident Response Team).

Parameters have a global weight between 5% and 15%. Values for each parameter are detailed in the monthly reports. More details about each parameter are in this document.

The ranges that define each category are as follows: 

 

Escala A a F

 

 

If you have any questions about your institution’s RCTS CERT Rating, please contact RCTS CERT (info@cert.rcts.pt).