--- title: "Asset Risk Score Classification" slug: "asset-risk-scoring" updated: 2025-11-26T21:41:41Z published: 2025-11-26T21:41:41Z canonical: "help.nucleussec.com/asset-risk-scoring" stale: true --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # Asset Risk Score Classification # Understanding Risk Score Classifications in Nucleus: The **Nucleus Risk Score** is a numeric value between **0 and 1000** that represents the relative risk of an asset or vulnerability. To help quickly interpret these scores, Nucleus uses **color-coded severity categories**: - **Critical (Red):** **900–1000** - **High (Orange):** **650–899** - **Medium (Yellow):** **310–649** - **Low (Green):** **0–309** These thresholds allow you to easily distinguish between assets or vulnerabilities that require urgent attention versus those that represent lower priority risks. --- ## Where You’ll See Risk Scores: Risk Scores are displayed throughout the platform, including: - **Assets Page:** Each asset is shown with its Risk Score and corresponding color classification. - **Findings and Vulnerabilities Views:** Instances of vulnerabilities include Risk Scores that roll up into the asset-level score. - **Dashboards and Reports:** Widgets and charts will use the same color-coded scheme for consistency. --- ## How Risk Scores Are Calculated: Risk Scores are calculated using Nucleus’ prioritization engine, which considers a combination of: - **Vulnerability severity** (CVSS, scanner ratings) - **Threat intelligence context** (e.g., CISA KEV, exploit activity, EPSS) - **Business context** - **Environmental factors** This calculation ensures scores are **risk-based** rather than purely severity-based, enabling more effective remediation prioritization. For a deeper dive into how Nucleus prioritizes vulnerabilities and risk, see [Weighting Risk](/v1/docs/weighting-risk#risk-weightings). --- ## Best Practices: - Use the **color-coded views** to quickly triage and focus on **Critical (Red)** and **High (Orange)** assets. - Apply **automation rules** to assign remediation SLAs or ticketing workflows based on these thresholds. - Monitor **Medium** and **Low** risk assets over time as they can escalate if new threat intelligence emerges.