Dynatrace Security Posture Management (SPM) now uses the Common Configuration Scoring System (CCSS) to classify misconfiguration severity across all findings. CCSS provides a standardized, vendor-agnostic scoring model based on three dimensions: Likelihood, Technical Impact, and Configuration Impact. This replaces previous vendor-specific severity labels, enabling consistent comparison across frameworks like CIS benchmarks, DORA, and DISA-STIGs. A worked example shows how a Kubernetes API server misconfiguration (AlwaysAllow authorization mode) scores as Critical under CCSS. The change rolls out automatically for Dynatrace SaaS users with version 1.334 in March 2026, while Managed users must manually update.
Table of contents
How Dynatrace determines misconfiguration severity levelsHow it worksImpact on the current rule severities in Security Posture ManagementWhat you need to doSort: