NIST Cyber Risk Scoring (CRS)

*Risk score ranges were determined by calculating baseline risk score multipliers Sample Assessment Schedule Assessment Type Scan Frequency Vulnerabilities Weekly Compliance Scans Monthly Web Applications Annually and as needed Automated Assessments Manual Assessments* Full control set assessed annually Half of the control set is assessed each year

  Inst, Frequency, Multiplier