In view of many uncertain factors existing in the characteristics of network security evaluation, a new network security comprehensive evaluation method is proposed based on the unascertained mathematics theory. Based on the analysis of network security risk, the index system and evaluation space of network security risk evaluation factors are established. The unascertained mathematical method is used in the network security risk comprehensive evaluation, and based on the theory of unascertained mathematics, the new unascertained mathematics concept of unascertained measurement expectation, comprehensive evaluation unascertained measure vector, the unascertained evaluation two value effect expectation and two value effect variance are defined. Based on the new unascertained concept, an unascertained mathematic model of network security risk comprehensive evaluation is established. The model is applied by real example, and the evaluation result is expressed by an unascertained rational number. The example shows that the method is simple and effective. This study provides a new way for the network security comprehensive evaluation.