Scoring Framework
Salient scores exercise responses against three industry frameworks, producing maturity scores, gap identification, and organic captures of organizational intelligence.
Framework Mapping
Every exercise question maps to one or more controls:
| Framework | Coverage | Purpose |
|---|---|---|
| NIST CSF 2.0 | Identify, Protect, Detect, Respond, Recover | Primary maturity scoring — 5 function scores + overall |
| MITRE ATT&CK | Techniques and tactics | Threat-specific capability assessment |
| CIS Controls v8 | 18 control groups | Implementation-level gap identification |
Control badges appear on each question during exercises, showing which frameworks apply to that response.
Scoring Rubric (0-10 Scale)
Each question has a scoring rubric that evaluates response quality:
| Score | Level | Meaning |
|---|---|---|
| 0-2 | Absent | No relevant response or fundamental misunderstanding |
| 3-4 | Ad Hoc | Some awareness but no structured approach |
| 5-6 | Developing | Basic process exists but gaps in execution |
| 7-8 | Managed | Solid process with minor gaps |
| 9-10 | Optimized | Comprehensive, tested, continuously improved |
Two Scoring Modes
Keyword Scoring (Default)
Available without an AI provider. Matches response text against rubric keywords:
```json
"scoring_rubric": {
  "keywords": ["isolate", "contain", "preserve evidence", "notify"],
  "max_score": 10
}
```
Keyword scoring provides a baseline but lacks contextual understanding.
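A sketch of how keyword scoring of this kind can work, added here as an illustration and not Salient's own code. The proportional formula (share of keywords matched, scaled to `max_score`), the matching rules and the function names are assumptions, and the sample responses are constructed; the second response shows the missing contextual understanding, since a negated answer still earns credit.

```python
import re

# Rubric copied from the page's example; sample responses below are constructed.
RUBRIC = {"keywords": ["isolate", "contain", "preserve evidence", "notify"],
          "max_score": 10}
# Upper bound of each band in the page's 0-10 rubric table.
LEVELS = [(2, "Absent"), (4, "Ad Hoc"), (6, "Developing"),
          (8, "Managed"), (10, "Optimized")]


def matched_keywords(response, keywords):
    """Return the rubric keywords present in the response, case-insensitively."""
    text = re.sub(r"\s+", " ", response.lower())
    hits = []
    for kw in keywords:
        # Leading \b keeps "contain" from matching inside "uncontained";
        # trailing \w* accepts simple suffixes such as "isolated".
        if re.search(r"\b" + re.escape(kw.lower()) + r"\w*", text):
            hits.append(kw)
    return hits


def keyword_score(response, rubric):
    """Assumed formula: share of keywords matched, scaled to max_score."""
    hits = matched_keywords(response, rubric["keywords"])
    score = rubric["max_score"] * len(hits) // len(rubric["keywords"])
    return score, hits


def level(score):
    """Map a 0-10 score to its maturity level."""
    for upper, name in LEVELS:
        if score <= upper:
            return name
    raise ValueError(f"score out of range: {score}")


SAMPLES = [
    "We isolate the host, contain lateral movement, preserve evidence and notify legal.",
    "We would not isolate anything or notify anyone until Monday.",  # negated
    "The outbreak stayed uncontained.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        score, hits = keyword_score(text, RUBRIC)
        print(f"{score:>2} {level(score):<10} {hits} <- {text}")
```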
AI Scoring (With AI Provider)
When an AI provider is configured, scoring becomes contextual:
- Evaluates response quality, not just keyword presence
- Considers the organization's specific context from the twin
- Identifies nuances (a team mentioning the right tool but wrong process)
- Generates detailed per-question analysis
AI scoring is the target
Keyword scoring is a functional fallback. The real value comes from AI evaluation that understands your organization's context and produces actionable gap analysis.
Gap Taxonomy
Salient classifies identified gaps into six types:
| Gap Type | Description | Example |
|---|---|---|
| Process | Missing or broken procedure | No after-hours escalation path |
| Technology | Missing or misconfigured tool | EDR not covering all endpoints |
| People | Skills or staffing gap | No trained forensics capability |
| Communication | Notification or coordination failure | Legal not in escalation chain |
| Documentation | Missing or outdated documentation | IR plan last updated 18 months ago |
| Testing | Untested process or tool | Backup restoration never validated |
Gaps are tracked across exercises. Recurring gaps become patterns, which feed into scenario recommendations.
Organic Captures
Beyond structured scoring, the AI captures organizational facts that emerge naturally from responses:
- Tools mentioned by the team
- Vendor relationships revealed
- Process descriptions
- Role assignments
- Decision patterns under pressure
These organic captures feed directly into the digital twin's fact database, enriching the organization's profile with every exercise.