Saner Cyber Security Risk Prioritization (CSRP) – Technical Brief

Cloud environments generate tens of thousands of misconfigurations, risks, and exposures across accounts and services. CSRP reduces this noise to a prioritized list of cloud risks that require immediate action. The prioritization model evaluates each risk on exploitability, automation feasibility, technical impact, and mission prevalence, helping security teams act where it matters most.

To operationalize this, CSRP adapts CISA’s Stakeholder-Specific Vulnerability Categorization (SSVC) into a decision tree tailored for cloud. The model classifies each cloud risk into one of four actionable categories: Track, Track*, Attend, and Act.
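
The four-input decision tree described above, as an added example that is not CSRP's own code. It assumes the outcome table of CISA's generic SSVC tree and a low/medium/high scale for the mission input; CSRP's cloud-tailored tree is not given in this brief and may differ, and the finding ids are constructed.

```python
# Added example: SSVC-style triage of cloud findings (not CSRP code).
# Assumption: outcomes follow CISA's generic SSVC tree; a cloud-tailored tree may differ.
T, TS, AT, ACT = "Track", "Track*", "Attend", "Act"
MISSION = ("low", "medium", "high")

# (exploitation, automatable, technical_impact) -> outcomes for mission low/medium/high
TREE = {
    ("none", False, "partial"): (T, T, T),
    ("none", False, "total"): (T, T, TS),
    ("none", True, "partial"): (T, T, AT),
    ("none", True, "total"): (T, T, AT),
    ("poc", False, "partial"): (T, T, TS),
    ("poc", False, "total"): (T, TS, AT),
    ("poc", True, "partial"): (T, T, AT),
    ("poc", True, "total"): (T, TS, AT),
    ("active", False, "partial"): (T, T, AT),
    ("active", False, "total"): (T, AT, ACT),
    ("active", True, "partial"): (AT, AT, ACT),
    ("active", True, "total"): (AT, ACT, ACT),
}
URGENCY = {ACT: 0, AT: 1, TS: 2, T: 3}

def classify(exploitation, automatable, technical_impact, mission):
    """Walk the four decision points; reject values outside the tree."""
    key = (exploitation, bool(automatable), technical_impact)
    if key not in TREE or mission not in MISSION:
        raise ValueError(f"unknown decision value: {key + (mission,)}")
    return TREE[key][MISSION.index(mission)]

def prioritize(findings):
    """Return (decision, finding id) pairs, most urgent first."""
    ranked = [(classify(*f["ssvc"]), f["id"]) for f in findings]
    return sorted(ranked, key=lambda r: (URGENCY[r[0]], r[1]))

# Constructed sample findings; ids and values are illustrative only.
FINDINGS = [
    {"id": "bucket-public-read", "ssvc": ("active", True, "partial", "high")},
    {"id": "iam-unused-admin-key", "ssvc": ("poc", False, "total", "medium")},
    {"id": "sg-open-ssh-dev", "ssvc": ("none", True, "partial", "low")},
    {"id": "db-snapshot-shared", "ssvc": ("active", False, "total", "medium")},
]

if __name__ == "__main__":
    for decision, fid in prioritize(FINDINGS):
        print(f"{decision:7} {fid}")
```
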
