> For the complete documentation index, see [llms.txt](https://docs.halosecurity.com/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.halosecurity.com/docs/platform/risk.md).

# Risk

There are several ways Halo Security helps you evaluate risk on your attack surface.

## Risk Scores

Risk is scored on a 10,000-point scale from Low (0-299) and Medium (300-599) to High (600+). These risk ratings are color-coded by Green, Yellow, and Red. For more information about how risk is calculated, as well as a calculator that can show you how risk was assigned for any particular Target, please visit the [Risk Methodology](https://app.halosecurity.com/user/security/risk/methodology) page.

## Risk Indicators

We used colored risk indicators for certain elements like ports, ciphers, and various website-related information such as cookies and headers.

As a general rule of thumb:

* (<mark style="color:green;">●</mark> **Green**): Good or common. There is likely no issue.
* (<mark style="color:yellow;">●</mark> **Yellow**): More rare or questionable. Should be investigated.
* (<mark style="color:red;">●</mark> **Red**): Rare and poses significant risk without mitigating controls. Should be remediated.

## Issue Severity

All issues are rated on a scale of 1-5 and contribute to the full risk score.

* **Severity 5**: An attacker can take full control.
* **Severity 4**: An attacker can access critical data.
* **Severity 3**: An attacker can access sensitive data.
* **Severity 2**: An attacker can access configuration data.
* **Severity 1**: An attacker can access unnecessary data.

{% hint style="info" %}
You can easily customize the severity of different issues, by going to *Settings →* [Issue Settings](https://app.halosecurity.com/user/settings/issues/) and adding a new setting.
{% endhint %}

## CVSS Score & PCI Compliance

For vulnerabilities with a known risk, we also provided the CVSS score on the issue detail page. Additionally, certain vulnerabilities are classified as PCI vulnerabilities and must be remediated or exceptions created. That detail is also included on the Issue Detail page.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.halosecurity.com/docs/platform/risk.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.