FAQ : Bexxo
Why does Bexxo rely on the NIST CVSS to assess the criticality of vulnerabilities?
The CVSS (Common Vulnerability Scoring System), developed by NIST, is the universal standard for assessing the severity of vulnerabilities. It assigns each vulnerability a score from 0 to 10 based on objective criteria: attack vector (network, local, physical), exploitation complexity, privileges required, user interaction, and impact on confidentiality, integrity and availability. Using CVSS allows Bexxo to communicate vulnerability criticality in a standard language understood by all IT professionals — and allows our clients to compare audit results with globally recognised benchmarks.
Why does a Swiss SME need a cybersecurity audit?
Over 40% of cyberattacks in Switzerland target SMEs. An audit identifies vulnerabilities in your systems (network, website, access) before they are exploited, and ensures compliance with ISO 27001 and the Swiss Data Protection Act (nDSG).