How Asset Criticality is defined

The Asset Criticality field is given in my report extraction after a scan. How is this asset criticality defined? Do we need to define it, or is it calculated?

Asset Criticality is a Tag that you can apply; they are predefined tags.
The Criticality Tag will adjust the risk score of the asset.
E.g. a vulnerability on a Domain Controller or externally facing server will be a higher Risk than the same vulnerability on an internal member server.
You can use Tag filtering or Asset Groups to apply these Tags.

A couple of things to note.

  • Criticality tags can be assigned either via a Site or Asset Group but NOT by another tag (discovered this the painful and hard way).
  • One can set the precise amount that a given rating influences the risk score. Default values take the risk score of a device and then multiply it by the following ratings:
      • Very High - 2x
      • High - 1.5x
      • Medium - 1
      • Low - .75
      • Very Low - .5

  • Settings are located under Administrations → Risk Score Settings → Risk Score Adjustment. (Note: depending on the size of your environment it may take some time to recalculate).
  • Using Criticality must be optionally enabled by selecting “Adjust asset risk scores based on criticality” on the page listed previously.