Improve scoring docs (#358)

* expand info on average scoring system, fix typo * expand on scoring multiple policies * fix indents
mondoohq · Sep 10, 2024 · ea0d3b7 · ea0d3b7
1 parent f0f1d8b
commit ea0d3b7
Showing 1 changed file with 22 additions and 10 deletions.
diff --git a/docs/cnspec/cnspec-policies/write/policy-scoring.mdx b/docs/cnspec/cnspec-policies/write/policy-scoring.mdx
@@ -74,14 +74,20 @@ The average scoring system considers impact before averaging check scores. Faile
 
 - If a check fails (returns `false`), the asset receives (100-impact) for that check. For example, if an asset fails a check with an impact of 90, it receives a 10 for that check.
 
-Here are possible results of our simple example query, which has a port check and a cipher check:
+Our simple example query above contains:
 
-| Port (impact 90)     | Cipher (impact 80)   | Overall score                       |
-| :------------------- | :------------------- | :---------------------------------- |
-| Pass (100)           | Pass (100)           | (100 + 100) / 2 = **100** or **A+** |
-| Pass (100)           | Fail (100 - 80 = 20) | (100 + 20) / 2 = **60** or **B**    |
-| Fail (100 - 90 = 10) | Pass (100)           | (10 + 100) / 2 = **55** or **C**    |
-| Fail (100 - 90 = 10) | Fail (100 - 80 = 20) | (10 + 20) / 2 = **15** or **D**     |
+- A port check (sshd-01) with an impact of 90
+
+- A cipher check (sshd-02) with an impact of 80
+
+These are the possible asset scores on this policy:
+
+| Port check (impact 90) | Cipher check (impact 80) | Overall score                       |
+| :--------------------- | :----------------------- | :---------------------------------- |
+| Pass (100)             | Pass (100)               | (100 + 100) / 2 = **100** or **A+** |
+| Pass (100)             | Fail (100 - 80 = 20)     | (100 + 20) / 2 = **60** or **B**    |
+| Fail (100 - 90 = 10)   | Pass (100)               | (10 + 100) / 2 = **55** or **C**    |
+| Fail (100 - 90 = 10)   | Fail (100 - 80 = 20)     | (10 + 20) / 2 = **15** or **D**     |
 
 :::note
 
@@ -329,11 +335,17 @@ For example, suppose Mondoo assesses an asset based on two policies:
 
 If an asset scores 72 on policy X and scores 50 on policy Y:
 
-**72 x 100 = 7000**
+1. Multiply policy x score by 100 because the policy contains 100 checks.
+
+   **72 x 100 = 7200**
+
+2. Multiply policy y score by 20 because the policy contains 20 checks.
+
+   **50 x 20 = 1000**
 
-**50 x 20 = 1000**
+3. Divide the sum of the two policies by the total number of checks in both policies.
 
-**(7200 + 1000) / 120 = 68 (B)**
+   **(7200 + 1000) / 120 = 68 (B)**
 
 ## Next steps