Common Configuration Enumeration (CCE™)

The CCE List provides unique identifiers to system configurations in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. For example, CCE Identifiers could be used to associate checks in configuration assessment tools with statements in configuration best-practice documents such as the Center for Internet Security (CIS) benchmark documents , National Institute of Standards and Technology (NIST) NIST Security Configuration Guides , National Security Agency (NSA) NSA Security Configuration Guides , and Defense Information Systems Agency (DISA) DISA Security Technical Implementation Guides (STIGS).

CCE Status

An initial draft of CCE is available now for public review and comment. The draft is intended as a proof-of-concept and focuses on security-related configuration issues for Windows 2000, Windows XP, and Windows Server 2003. It should not be considered final and will be modified over time. Refer to the CCE List page for more information.

How to Participate

We have several issues that need to be validated in order to improve the current draft of the CCE List . The best way to help is to map your own configuration issues into the CCE List and then to provide us with feedback on the following questions:

1. Do the current CCE entries map to your configuration issues mostly in a 1-1 manner?
2. Is the scope of CCE appropriate, or should it be broadened to include operational configuration issues?

Please send all feedback, and any other comments or concerns, to cce@mitre.org . Alternatively, you or your organization may request to join the CCE Working Group .

Page Last Updated: January 23, 2007

CVE is funded by the U.S. Department of Homeland Security .

This Web site is hosted by The MITRE Corporation .
Copyright 2007, The MITRE Corporation. CVE and the CVE logo are trademarks of The MITRE Corporation.

Contact cve@mitre.org for more information.