From "A+" to "D". Confidentiality, Integrity and Availability (CIA)

All the controls included in the rating guide are classified into 5 levels, from A+ to D; the 'D' level already demands meeting basic safety measures and corresponding to level 'A+' for best possible package os measures at the current time. Thus, the “A+” level' is reserved for those services that manage highly confidential information (such as industrial or national secrets) or very stringent availability requirements (such as critical infrastructures).

To achieve a certain level you must meet all the controls required for the same, based on the maxim that "security is only as strong as its weakest link". This implies that if a service complies with all necessary controls to achieve the level B, except for one, which reaches controls for level C, the final grade will be a C.

By displaying the LEET stamp, the provider guarantees that the qualified service implements a management system and security mechanisms.

This score is not global; relevant measures for the three fundamental dimensions of information security are evaluated: Confidentiality, Integrity and Availability. Thus, the rating assigned by LEET Security consists of three letters: the first indicates the reliability of service in terms of the Confidentiality, Integrity is assessed by the second and the third measures the availability, always provided specifically for the qualified service.

There are also additional qualifiers that correspond to compliance with specific regulations:

- '+LOPD L/M/H' Indicates compliance with LOPD requirements for low / medium / high criticality personal data.

- '+PCIDSS' Indicates compliance with PCI DSS

- '+ENS L/M/H' Indicates compliance with Spanish National Security Scheme requirements for low / medium / high critical systems.

- And soon, we will add '+DPCoC' indicating compliance with European Data Privacy Code of Conduct for cloud providers.

You can also meet the nonspecific rating: PASSED. This means that the service at least meets all controls relevant to Level D in the three dimensions, although the provider does not want to show levels explicitly. In this case, the executive summary of the levels can be consulted in the section of qualified services, associated with the respective registry number, or access it by clicking on the stamp shown on the website of the service provider.