Skip to main content

Set criticality levels

Criticality levels let you identify which incidents and issues involve critical entities in your organization. Set criticality levels for APIs, databases, and applications in the Explorer.

Changing a criticality level affects the Contrast score and the Contrast posture score in the following ways:

  • An application’s criticality maps to the CVSS v4.0 Environmental metrics. These metrics include Confidentiality, Integrity, and Availability requirements (CR, IR, AR).

  • Entities, such as databases and APIs, with the highest criticality map to the CVSS v4.0 Modified Subsequent System Impact metrics (MSC, MSI, MSA).

The CVSS v4.0 Specification Document describes the metric groups that the Contrast scores use.

Before you begin

  • You need a role with the Edit application action.

    The Edit application action is included in the Security analysts built-in user access group.

  • Turn on Observe mode.

    If Observe mode is turned off or data for an entity is unavailable, the criticality value is Not defined.

  • The available criticality levels are:

    • High (Tier 0)

    • Medium (Tier 1)

    • Low (Tier 2)

Steps

  1. From the left navigation, select Explorer.

  2. Select an application, database or API entity.

  3. In the details panel, select the Criticality dropdown and select a criticality level.

    The Contrast score and the Contrast posture score change based on your selection.

    CriticalitySelection.png
In this section:

The Contrast score represents the risk of an issue or incident at a particular point in time.  Contrast determines this score by using information from the Contrast SAST, IAST, SCA, ADR, and Observability technologies.

This score is an exponential aggregation of scores for all applications.