To help prioritize misconfiguration issues, Dynatrace introduced severity classifications for misconfigurations based on the CCSS.

Dynatrace's platform is a central hub for IT professionals and DevOps teams, offering insights into application performance monitoring, cloud observability, and digital experience management. Through articles, case studies, and industry reports, Dynatrace offers insights into monitoring distributed systems, detecting performance bottlenecks, and optimizing application performance. Readers can learn about end-to-end visibility, AI-driven analytics, and automation solutions to deliver superior digital experiences for users.

Dynatrace

Dynatrace Security Posture Management (SPM) now uses the Common Configuration Scoring System (CCSS) to classify misconfiguration severity across all findings. CCSS provides a standardized, vendor-agnostic scoring model based on three dimensions: Likelihood, Technical Impact, and Configuration Impact. This replaces previous vendor-specific severity labels, enabling consistent comparison across frameworks like CIS benchmarks, DORA, and DISA-STIGs. A worked example shows how a Kubernetes API server misconfiguration (AlwaysAllow authorization mode) scores as Critical under CCSS. The change rolls out automatically for Dynatrace SaaS users with version 1.334 in March 2026, while Managed users must manually update.

Strengthen your security posture with the Common Configuration Scoring System for misconfigured production environments

How Dynatrace determines misconfiguration severity levels

Impact on the current rule severities in Security Posture Management