In an upcoming service update, CloudSOC will change how Business Readiness Ratings (BRR) are scored. This article describes the change, which allows you to prepare for possible policy updates when the update occurs.

• Currently, BRR scores for applications might be unnecessarily lower because of issues such as unresearched, unrelated, or stale attributes. 
  
  
• After the update, BRR will rate applications higher when attributes match and will not penalize when they do not. For example, an application is not rated for FedRAMP.  However, the application is not applicable to FedRamp so a score penalty is not assessed. 

When the CloudSOC datacenters receive the update, the new scoring immediately takes place. The following images demonstrate an example data set of detected applications and BRR score grades before and after the upcoming service update occurs.

BEFORE

AFTER

As demonstrated, a higher percentage of apps are now rated as low risk instead of high risk.

Because of the change, Security Administrators will likely examine and change any policies where BRR filters in rules trigger responses based on app scores. 

When Broadcom determines the CloudSOC service update that provides the change, the information banner on the CloudSOC console will provide that information.