In the day as a security person I see things like common vulnerabilities, which are described with the Common Vulnerability Scoring System Version 3.0 (CVSSv3), like the Common Vulnerability Scoring System Version 3.0 Calculator. And then there are common hardening guides like the Windows Security Baselines (Security baselines guide | Microsoft Learn) and CIS Benchmarks (for Linux, Windows, databases, xxx).
Would you recommend describing the “Compliance Checks”, 100-300 per system, in the CVSSv3 vector (or is that nonsense)? For example, entries in https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf
thx
~ r4bit