Select Page

NSS LABS RATINGS

NSS LABS RATINGS

RATING

DEFINITION

AAA

A product rated ‘AAA’ has the highest rating assigned by NSS Labs. The product’s capacity to meet its commitments to consumers is extremely strong.

AA

A product rated ‘AA’ differs from the highest-rated products only to a small degree. The product’s capacity to meet its commitments to consumers is very strong.

A

A product rated ‘A’ is somewhat more susceptible to sophisticated attacks than higher-rated categories. However, the product’s capacity to meet its commitments to consumers is still strong.

BBB

A product rated ‘BBB’ exhibits adequate protection parameters. However, sophisticated or previously unseen attacks are more likely to negatively impact the product’s capacity to meet its commitments to consumers.

A product rated ‘BB,’ ‘B,’ ‘CCC,’ ‘CC’, and ‘C’ is regarded as having significant risk characteristics. ‘BB’ indicates the least degree of risk and ‘C’ the highest. While such products will likely have some specialized capability and protective characteristics, these may be outweighed by large uncertainties or major exposure to adverse conditions.

BB

A product rated ‘BB’ is less susceptible to allowing a compromise than products that have received higher-risk ratings. However, the product faces major technical limitations, which could be exposed by threats that would lead to its inability to meet its commitments to consumers.

B

A product rated ‘B’ is more susceptible to allowing a compromise than products rated ‘BB’; however, it currently has the capacity to meet its commitments to consumers. Adverse threat conditions will likely expose the product’s technical limitations and expose its inability to meet its commitments to consumers.

CCC

A product rated ‘CCC’ is currently susceptible to allowing a compromise and is dependent upon favorable threat conditions for it to meet its commitments to consumers. In the event of adverse threat conditions, the product is not likely to have the capacity to meet its commitments to consumers.

CC

A product rated ‘CC’ is currently highly susceptible to allowing a compromise. The ‘CC’ rating is used when a failure has not yet occurred but NSS Labs considers a breach a virtual certainty, regardless of the anticipated time to breach.

C

A product rated ‘C’ is currently highly susceptible to allowing a compromise. The product is expected to fail to prevent a breach and to not have useful forensic information compared with products that are rated higher.

D

A product rated ‘D’ is actively being breached by known threats and is unable to protect consumers. For non-specialized products, the ‘D’ rating category is used when protecting a consumer is unattainable without a major technical overhaul. Unless NSS Labs believes that such technical fixes will be made within a stated grace period (often 30-90 calendar days), the ‘D’ rating also is an indicator that it is a virtual certainty that existing customers using the product have already experienced a breach—whether they know it or not—and should take immediate action.