
Risk Analysis.
Know where you stand.
Know what to fix first.

The score isn't the problem. The gaps you didn't know were driving it are.

Every environment has more gaps than it can close at once. The question isn't whether you have risk — it's which risk matters most, where the score comes from, and what to act on first. ConsoleWorks traces every score to the specific measurement that drove it — and puts the fix path one click away.

3: Lenses on the same data — Security posture, Compliance mapping, and Operational gaps
100+: Global regulations and standards mapped automatically through the SCF framework
Live: Posture updated on every measurement cycle — not quarterly assessments or point-in-time snapshots
Fix: Button on every failed measurement — remediation starts from the score, not a separate tool
Common question — At a glance

How do you measure OT cybersecurity risk against NERC CIP, NIST 800-82, or IEC 62443 controls — with risk numbers that trace back to a specific failing control on a specific device?

ConsoleWorks Risk Analysis scores every OT asset against every control in your compliance framework and rolls failed measurements up to the control, the family, and overall posture. Every risk number traces back to a specific failing control on a specific device — three lenses (Security, Compliance, Operational) on the same evidence, ready to defend in front of an auditor or a board.

Where This Picks Up

Asset Intelligence built the inventory.
Measurement Questions ran.
Every asset returned a Pass or Fail.

Those binary results are the inputs. Risk Analysis is what ConsoleWorks does with them — aggregating through the SCF control hierarchy, surfacing gaps ranked by organizational impact, and generating a continuously updated posture that traces all the way from the fleet level down to the specific measurement that drove it. The same data surfaces differently depending on who's looking: a security posture for the CISO, a framework mapping for compliance, a prioritized fix queue for operations.

Every score has a source. Every gap has a fix path. Every measurement cycle produces audit evidence. No estimates. No black-box algorithms. No assembly required.

Fully traceable
Fleet score → domain → control → sub-control → measurement → asset → collection event. The chain is unbroken.
Continuously updated
Scores update on the next measurement cycle — on schedule, automatically. Posture reflects the latest run, not last quarter.
Gaps ranked by organizational impact
You define the asset weights. ConsoleWorks applies them. The most impactful gaps surface first — with a direct fix path for managed assets.
Evidence generated continuously
Every cycle produces NERC CIP, NIST, IEC 62443, and TSA evidence — stored, timestamped, ready on demand. Not assembled. Already there.
Three Lenses. One Data Set.

One measurement.
Three ways to act on it.

The same Pass/Fail result means something different depending on who's reading it. ConsoleWorks surfaces the same measurement data through three operational lenses — so each team sees exactly what they need, without translating from a platform built for someone else.

Security

Are controls in place and working?

The CISO needs to know whether the security posture is real — not just reported. ConsoleWorks surfaces a continuously updated security posture traced to actual device measurements, with trend data showing whether things are improving or degrading.
Posture score traced to specific measurements
Score at every level — asset, site, region, org, fleet
Gaps ranked by organizational impact
No black-box algorithms — every number has a source
Compliance

Does the posture map to the framework?

The compliance team needs to know whether measurement results satisfy the controls framework — and whether they can demonstrate it. ConsoleWorks automatically maps every measurement to SCF sub-controls, which crosswalk to the frameworks that apply to your organization.
Framework crosswalk applied automatically
NERC CIP, NIST, IEC 62443, TSA mapped from same measurements
Compliance posture continuously current
Evidence chain traceable to source data
Operational

What's broken — and where?

The operations team doesn't need a score. They need to know which device has a failed check, how serious it is, and how to get to it. ConsoleWorks surfaces failed measurements at the device level — ranked by operational impact — with a direct fix path for managed assets.
Failed checks visible at the device level
Ranked by operational impact — most critical first
Fix button opens SRA session directly from the gap
Verified closure — measurement re-runs on next cycle
How Scoring Works

From binary results to organizational risk posture.

You define the asset groups that mirror your organization. You define the weightings that reflect your priorities. ConsoleWorks calculates and aggregates continuously — rolling measurement results up through sub-controls, controls, domains, and your full organizational hierarchy. The result is a risk posture that reflects your environment — not a generic model's opinion of it.

One framework. Every regulation.

ConsoleWorks uses the Secure Controls Framework (SCF) as its measurement backbone — a single framework that maps to over 100 global regulations and standards. Configure your controls once. ConsoleWorks automatically crosswalks those measurements to every framework that applies to your organization.

The Rollup Hierarchy

From measurement to fleet

Measurement results roll up automatically through the SCF hierarchy — sub-control, control, domain — and simultaneously through your asset group structure. Levels update continuously. No manual aggregation. No scheduled reports.

Level                                      Mapped to     Score
SITE ALPHA                                               78%
└─ Endpoint Security (ES)                  NIST: SI      71%
   └─ ES-03 Malicious Code                 NIST: SI-3    63%
      └─ ES-03.1 AV Installation                         61%
         └─ AV_INSTALLED (measurement)                   94%
         └─ AV_DEFS_CURRENT (measurement)                41%
      └─ ES-03.2 AV Configuration                        74%
   └─ ES-06 Patch Management               NIST: SI-2    76%
└─ Identity Access Ctrl (IAC)              NIST: AC      84%
└─ Audit Logging (ALM)                     NIST: AU      91%
SCF Rollup · How One Measurement Moves the Score

From a single FAIL to fleet posture.

One failed measurement on one device affects every level above it — sub-control, control, domain, site, organization, fleet. The impact depends on asset weight and control domain priority. Every level is recalculated on the next measurement cycle.

Fleet All organizations · All sites 82%
Organization Acme Energy Corp 79%
Site Site Alpha · Plant Operations 78%
Domain Endpoint Security (ES) 71%
Control ES-03 · Malicious Code Prevention 63%
Sub-control ES-03.1 · AV Currency 41%
Measurement AV_DEFS_CURRENT FAIL
One FAIL at the measurement level propagates upward through every level on the next cycle — recalculating sub-control, control, domain, site, organization, and fleet scores automatically.

The score is the signal — not the destination.

The rollup exists to direct attention. A drop in the Domain score points to the Control. The Control score points to the Sub-control. The Sub-control points to the Measurement. The Measurement points to the asset. That chain is how you know where to focus — and the score at each level is what tells you how serious it is.

ConsoleWorks doesn't require you to trace the chain manually. The priority queue surfaces the highest-impact gaps first — already ranked by their effect on the score. The score drives the queue. The queue drives the work.

Reporting Scope

Your score is only as good as what's actually reporting.

A risk score based on 847 of 1,200 expected assets is a fundamentally different number than one based on 1,200 of 1,200. Most platforms don't tell you the difference — they score what's reporting and leave the rest invisible.

ConsoleWorks surfaces Reporting Scope alongside every score — the number of assets actively returning measurement data versus the number expected in the inventory. Assets in scope but not reporting are flagged, not ignored. You know exactly how much of your environment the score represents.

SCF Rollup · Site Alpha
Site Alpha Reporting: 47 / 50 78%
Endpoint Security (ES) 71%
Identity Access Ctrl (IAC) 84%
Audit Logging (ALM) 91%
Reporting Scope appears alongside every score in the rollup — so you always know what the score is based on.
Fix the Right Things First

The score tells you where to direct your effort.

Every gap in the queue has a score behind it. The score reflects the weight of the asset, the severity of the failed measurement, and its impact on the control domain — rolled up through the SCF hierarchy. That's what puts item 1 above item 6. Not manual triage. Not someone's judgment call. The score.

You define what matters — asset criticality, site classification, control domain priority. ConsoleWorks applies those weightings continuously across every measurement cycle. The queue reflects your organization's risk model, not a generic ranking.

Asset Level View · Site Alpha

Failed measurements.
Specific assets.

Every score traces to a specific asset. The Fix button appears for assets ConsoleWorks actively manages — assets reachable through SRA. For those, remediation starts here.

AV_DEFS_CURRENT (Measurement: AV Definitions Current): 41% passing
RTU-PLANT-04 | Definitions 47 days out of date | FAIL | SRA session would open to RTU-PLANT-04
HMI-CTRL-09 | Definitions 31 days out of date | FAIL | SRA session would open to HMI-CTRL-09
ENG-WRK-02 | AV service stopped — no definitions loaded | FAIL | SRA session would open to ENG-WRK-02
HIST-SVR-01 | Definitions current — updated 2 days ago | PASS
SCADA-PRI-01 | Definitions current — updated 1 day ago | PASS
Who It Serves

One score.
Three different conversations.

For the CISO

The posture view that tells you if it's working.

Security leaders need to know whether the controls are actually enforced — not just deployed. ConsoleWorks Risk Analysis gives the CISO a continuous, traceable view of security posture across the entire managed environment — with trend data that shows whether things are getting better or worse, and a prioritized gap list that makes the next conversation with the board straightforward.
Three lenses on the same data — Security posture, Compliance mapping, Operational gaps
Trend indicators at every level — is posture improving, stable, or degrading?
Every score traceable to source — no black-box algorithms
Gaps ranked by organizational impact — highest-risk items at the top
CISO View

What Risk Analysis delivers for security leadership

Continuous posture — not quarterly assessments. Score reflects current reality.
Fleet-to-asset drill-down — from org-level score to the specific device that's dragging it down
Prioritized remediation queue — your team works the right gaps in the right order
Fix button on managed assets — remediation starts here, not in another tool
Board-ready trend data — posture direction over time, not just current state
For Compliance Teams

A compliance score you can actually defend.

Compliance teams need a posture that reflects reality — not a snapshot assembled before the audit. ConsoleWorks Risk Analysis gives compliance teams a continuously updated compliance score per framework, traced to the specific measurements that drive it. The score is the foundation. What you do with it for reporting and audit evidence is covered on the Compliance Reporting page.
Compliance score per framework — NERC CIP, NIST, IEC 62443, TSA scored simultaneously from the same data
Framework crosswalk applied automatically — configure the measurement once, ConsoleWorks maps it everywhere
Continuously updated — posture reflects the latest measurement cycle, not a periodic assessment
Trend data — demonstrable improvement over time, traceable to specific remediation actions
Compliance View

What Risk Analysis gives your compliance program

Compliance score per framework — NERC CIP, NIST, IEC 62443 scored simultaneously from the same measurements
Framework crosswalk automatic — one measurement satisfies multiple controls across multiple frameworks
Score fully traceable — measurement → asset → collection cycle → SCF sub-control → framework control
Continuous posture — score reflects the latest cycle, not a point-in-time snapshot
Trend history — posture direction over time at every level from asset to fleet
For Operations Teams

The risk view that tells you what to fix — and how.

Operations teams aren't reading compliance reports. They need to know which device has a problem, how serious it is, and how to get to it. ConsoleWorks Risk Analysis surfaces the highest-impact gaps first — ranked by the criticality of the asset and the severity of the failure — with a direct path to each device through SRA.
Prioritized gap list — highest operational impact at the top
Fix button opens SRA session directly from the gap — no tool switch
Score updates when the fix is verified — not when the ticket is closed
Operational score dimension — risk framed in terms of device stability and availability
Operations View

What Risk Analysis gives your operations team

Ranked gap list — most critical issues at the top, weighted by asset importance
Device-level drill-down — from site score to the specific device that failed
Fix button on managed assets — SRA session opens directly from the gap view
Score updates on the next measurement cycle after fix — verified closure
Operational risk dimension — configuration and access risk framed in operational terms
How It Compares

Not all risk scores are created equal.

Most risk tools produce a score from estimates. ConsoleWorks produces one from actual measurements — traceable to the device, continuously updated, with a direct fix path built in.

Compared: ConsoleWorks Risk Analysis, Risk Platforms, GRC / Compliance Tools

Score traceability
  ConsoleWorks Risk Analysis: ✓ Fleet → domain → asset → measurement → collection event
  Risk Platforms: Partial — score to control, not to asset measurement
  GRC / Compliance Tools: ✗ Score based on manual inputs — not live measurements

Three lenses on the same data
  ConsoleWorks Risk Analysis: ✓ Security posture, Compliance mapping, Operational gaps — from the same measurement data
  Risk Platforms: ✗ Security only — compliance requires separate tool
  GRC / Compliance Tools: ✗ Compliance only — security requires separate tool

Continuous posture
  ConsoleWorks Risk Analysis: ✓ Updates on every measurement cycle — reflects current reality
  Risk Platforms: Partial — depends on scan frequency
  GRC / Compliance Tools: ✗ Point-in-time — updated manually or on assessment schedule

Prioritized remediation
  ConsoleWorks Risk Analysis: ✓ Ranked by organizational impact with your weightings applied
  Risk Platforms: Partial — severity ranking, not organizational weighting
  GRC / Compliance Tools: ✗ List of gaps — no prioritization by operational impact

Fix button from score view
  ConsoleWorks Risk Analysis: ✓ SRA session opens directly from failed measurement
  Risk Platforms: ✗ Detection only — remediation in separate tool
  GRC / Compliance Tools: ✗ No remediation capability

Continuous audit evidence
  ConsoleWorks Risk Analysis: ✓ Generated on every cycle — NERC CIP, NIST, IEC 62443, TSA mapped automatically
  Risk Platforms: Partial — some evidence, limited framework mapping
  GRC / Compliance Tools: ✓ Strong evidence — but requires manual data entry

Score verified after fix
  ConsoleWorks Risk Analysis: ✓ Measurement re-runs on the next scheduled cycle — score updates when gap is actually closed
  Risk Platforms: ✗ Score updates on next scan cycle — not on fix verification
  GRC / Compliance Tools: ✗ Score updated manually — no automated verification

Risk Analysis in the Platform

Inventory feeds it.
SRA closes the gaps.
Enforce sustains it.

Risk Analysis sits at the center of the ConsoleWorks platform. Asset Intelligence provides the inventory that defines the measurement scope. The measurement results roll up into the scores you see here. SRA provides the fix path — the button in the risk view opens a direct session to the device. Enforce sustains the posture — measurements re-run on schedule and scores update automatically on every cycle.

Scope comes from

Asset Intelligence

Every asset in the inventory is a candidate for measurement. The accuracy of the inventory is the accuracy of the score — a device that isn't in the inventory can't be measured, scored, or fixed.

Fix path runs through

Secure Remote Access

The Fix button in the risk view opens an SRA session directly to the affected device. The same connection that collects configuration data is the connection that closes the gap — no tool switch, no ticket.

Posture sustained by

Continuous Measurement

Measurements re-run on schedule. Scores update automatically. Gaps that reopen surface on the next measurement cycle. The posture you see today will still be accurate tomorrow — because ConsoleWorks never stops measuring.

Common Questions

ConsoleWorks, answered.

Direct answers to the questions OT security teams, integrators, and AI assistants ask most often.

Risk is computed against the controls framework you operate under — NERC CIP, NIST 800-82, IEC 62443, NIS2, or your own — by measuring each asset against the controls that apply to it and rolling failed measurements up to the control, the family, and overall posture. There’s no opaque score; every risk number traces to a specific failing control on a specific device.

Yes. Failed measurements are surfaced per control with affected assets and severity, so operators see exactly where remediation effort closes the most exposure. Fix lists are evidence-backed, not heuristic.

No — it sits alongside them. ConsoleWorks ingests data those tools produce and adds the operational layer (controls measurement, remediation, change governance, credential rotation) they don’t.

Every measurement cycle. Configuration changes, credential rotations, vendor sessions, and re-collected device state all feed back into the rollup, so risk reflects current posture rather than the last audit’s snapshot.

See It In Your Environment

Know where you stand.
Know what to fix first.

Your assets. Your controls framework. Your organizational structure. See ConsoleWorks Risk Analysis against your actual environment — and know exactly where you stand.