A Security Schema is a set of tests used to evaluate the security of one or more sites for a Site Security Assessment.
There are two types of Security Schemas:
- The Standard Security Schema
- Custom Security Schemas
Understanding the Standard Security Schema
The Standard Security Schema is provided for you and includes all the recommended security tests at the recommended settings. When you create a site, if you don't choose a custom Security Schema, the Standard Schema is applied.
The Standard Security Schema is read-only and cannot be edited or copied.
Understanding Custom Security Schemas
You can create custom Security Schemas for the level of security you need for different sites. In a custom Security Schema, you can change the settings of certain tests, remove tests completely, and remove entire categories of tests if you feel they don't apply to a site.
Once you've set up a custom Security Schema, you can apply it to any site that is enrolled in Security Assessment. When you apply a custom Security Schema to a site, that site is assessed against the custom Security Schema.
How Custom Security Schemas Affect Scores
When you set up a Custom Security Schema, only the tests included in the schema are used to score any site you apply the schema to. If you choose not to include a test from a Custom Security Schema, that test isn't scored. No score is recorded for it in either the overall security score or in the score in any of the categories. For more on Custom Security Schemas and scoring, see Creating Security Schemas.
How Custom Security Schemas Affect Trends
Security Score trends are displayed as graphs on the Site Security Overview and Site Security Details pages. These graphs display historical data based on the results of previously completed security assessments. The trend graphs reflect the Security Schema in use at the time of the assessment. Changing the Security Schema changes the schema in current use, but it doesn't change the results of previous, historical assessments. As a result, when you change the Security Schema on a site, you may see significant differences between data points on the graph if one assessment was scored with a stricter Security Schema than another assessment.
How Custom Security Schemas Affect Reports
Most Security Assessment reports allow you to choose between reporting on the view that the customer sees and the Standard report. If you haven't applied a custom Security Security Schema, the customer's view is of the scores from the Standard Schema, and the report will reflect that. If you have applied a custom Security Security Schema, the report's data reflects the score from the custom Security Schema.
Two reports allow you include both the customer's view and the Standard Security Schema. They are:
- Site Security Summary
- Site Security Historical Trend Report
The New Site Default Security Schema
You can set a security schema as the New Site Default Security Schema, which is applied to new sites when they are created, unless you select a different schema. For more information, see Using the New Site Default Security Schema.
Custom Site Security Schemas and the Dashboard and Details pages
The Security Dashboard and Security Details pages display the scores of tests that are included in the Security Schema that is currently in use. If you don't include a test in a Security Schema, no information about that test is shown on the Dashboard or Details pages. Neither the Dashboard or the Details pages will show either a score or a description of the test.