Security Assessment Tool

Overview

The attached HTML file is a self-contained, browser-based “Authentication Scorecard” used to assess a client’s authentication maturity and generate a branded report. It collects basic client/MSP details, asks five scored security posture questions, calculates a total score out of 100, and then produces:

  • A results dashboard (score, posture rating, risk statement)

  • A radar chart visualization of category scores

  • A list of tailored recommendations

  • A whitelabeled PDF report download

  • A copy-ready email draft for the client

Everything runs locally in the browser—there is no backend, database, or form submission to a server.

What the User Sees

1) Header + Branding

  • A top “KZero Passwordless” header image (hosted externally).

  • A co-branded logo area:

    • Default MSP logo is embedded in the HTML as a base64 SVG.

    • Client logo starts hidden and appears after upload.

2) Client/MSP Info Inputs

A form collects:

  • Managed Service Provider name

  • Client organization name

  • Assessment date (auto-filled to today on load)

  • Client contact name

3) Brand Customization Controls

The MSP can customize report look & feel:

  • Upload MSP logo (used in the PDF and header)

  • Upload Client logo (used in the PDF and header)

  • Choose Primary and Accent colors (updates theme instantly)

  • Primary/accent colors are saved to the browser (localStorage) so they persist next time the page is opened.

4) Assessment Questions (5 Categories)

The assessment consists of five multiple-choice questions with point values:

  1. MFA Coverage (max 30)

  2. SSO Adoption (max 20)

  3. Password Management (max 20)

  4. Privileged Access (max 15)

  5. User Experience (max 15)

Each question is required, and selections drive scoring and recommendations.

What Happens When “Analyze & Generate Report” is Clicked

1) Validation

The page checks that all questions are answered. If any are missing, it prompts the user to complete all sections.

2) Score Calculation (0–100)

The script sums the selected values across all five questions and stores:

  • Total score (currentTotal)

  • Per-category answers and scores (currentAnswers)

3) Posture + Risk Rating

Based on the total score, it assigns:

  • 80–100: “Modern Posture” (Low risk)

  • 50–79: “Transitional Posture” (Moderate risk, action required)

  • 0–49: “Weak Posture” (Critical risk, immediate remediation)

The dashboard header gradient changes color (green/orange/red) to match the risk level.

4) Recommendations

Recommendations are generated based on which categories are below their maximum score. For example:

  • If MFA isn’t perfect, it recommends passwordless MFA (FIDO2/biometrics).

  • If SSO is partial, it recommends consolidating identity/SSO.

  • If everything is perfect, it shows a “maintain current controls” message.
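The validation, scoring, posture and recommendation steps above, sketched as an added example (this is not the tool's own code). Only currentTotal and currentAnswers are names from the page; the other identifiers, the shape of the answers object, the range check and the advice text for the last three categories are assumptions.

```javascript
// Added example, not the tool's code. Category maxima are the ones listed on the page.
const CATEGORIES = [
  { key: "mfa", label: "MFA Coverage", max: 30,
    advice: "Adopt passwordless MFA (FIDO2/biometrics)." },
  { key: "sso", label: "SSO Adoption", max: 20,
    advice: "Consolidate identity/SSO." },
  // Placeholder advice: the page gives no wording for these three categories.
  { key: "passwords", label: "Password Management", max: 20,
    advice: "Review Password Management (placeholder)." },
  { key: "privileged", label: "Privileged Access", max: 15,
    advice: "Review Privileged Access (placeholder)." },
  { key: "ux", label: "User Experience", max: 15,
    advice: "Review User Experience (placeholder)." },
];

// Posture bands from the page: 80-100, 50-79, 0-49.
function postureFor(total) {
  if (total >= 80) return { posture: "Modern Posture", risk: "Low" };
  if (total >= 50) return { posture: "Transitional Posture", risk: "Moderate" };
  return { posture: "Weak Posture", risk: "Critical" };
}

// answers maps a category key to the points of the selected option (assumed shape).
function scoreAssessment(answers) {
  const currentAnswers = [];
  let currentTotal = 0;
  for (const c of CATEGORIES) {
    const v = answers[c.key];
    // Validation step: every question is required.
    if (v === undefined || v === null) {
      return { ok: false, error: `Please complete all sections (missing: ${c.label})` };
    }
    // Assumed defensive check: a tampered option value must not exceed the category maximum.
    if (!Number.isInteger(v) || v < 0 || v > c.max) {
      return { ok: false, error: `Invalid value for ${c.label}` };
    }
    currentAnswers.push({ label: c.label, score: v, max: c.max });
    currentTotal += v;
  }
  // One recommendation per category below its maximum, in category order.
  const recommendations = currentAnswers
    .map((a, i) => (a.score < a.max ? CATEGORIES[i].advice : null))
    .filter((r) => r !== null);
  if (recommendations.length === 0) recommendations.push("Maintain current controls.");
  return { ok: true, currentTotal, currentAnswers, recommendations,
           ...postureFor(currentTotal) };
}
```
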

5) Chart Rendering

A radar chart is rendered using Chart.js showing:

  • The user’s scores by category

  • A “Target” overlay representing the maximum scores (30/20/20/15/15)

A plugin ensures the chart canvas exports with a white background (important for PDF embedding).

6) UI Transition

After calculating:

  • The results section becomes visible

  • The assessment form and info-card are hidden

  • The page scrolls to the top for the dashboard view

PDF Report Generation (Whitelabeled)

Clicking “Download Whitelabeled PDF Report” generates a polished PDF using jsPDF.

The PDF includes:

  • A colored header bar using the current primary brand color

  • Title + generated date

  • Client + MSP names

  • MSP and client logos (if provided)

  • A score box with posture and risk summary (color-coded by risk)

  • Embedded radar chart image (exported from the canvas)

  • A “Detailed Analysis” section with per-question “traffic light” indicators:

    • Green = max score

    • Orange = partial

    • Red = weak

  • Strategic recommendations list

  • A footer: “Confidential Assessment - Generated by KZero Passwordless”

Client Email Draft (Copy/Paste)

After scoring, the page automatically generates an email draft in a text editor area:

  • Uses client name and contact name (if provided)

  • Inserts score, posture, and risk summary

  • Lists key findings (each category + selected answer)

  • Highlights the top recommendation as “Top Priority Action”

  • Signs off with the MSP name

A “Copy to Clipboard” button copies the email text for easy pasting into an email client.

Data Storage & Privacy Notes

  • No server calls for assessment data: scoring and report generation happen locally in the browser.

  • Local persistence: theme colors and the MSP logo are stored in localStorage to persist across sessions. (Client logo is not stored in localStorage in this version.)

  • External dependencies: the page loads Chart.js and jsPDF from public CDNs, and loads Google Fonts.
