Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Common Configuration Enumeration (CCE) Requirements

CCE.V.1

...

The product's documentation (printed or electronic) must state that it uses CCE and explain relevant details to the users of the product.

...


For further details, go to Standards.

CCE.V.3: The vendor shall provide instructions on how product output can be generated that contains a listing of all security configuration issue items both with and without CCE IDs. Instructions shall include where the CCE IDs and the associated vendor supplied and/or official CCE descriptions can be located within the product output.

See Viewing Results in Other Formats.

CCE.V.4: The vendor shall provide instructions noting where the CCE ID can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output configuration issues with associated CCE IDs.

See Viewing analysis results.

CCE.V.7: The vendor shall provide documentation (printed or electronic) indicating how security configuration issue items can be located using CCE names.

Under the Resources tab, navigate to All Resources > Scap Entity > CCE. On the right side, you will see a list of all CCE resources and their descriptions. Above that list is a search bar control where you can search by ID or by words contained in the description.

CCE.V.8: The vendor shall provide instructions on where the dates for all offline CCE data can be inspected in the product output.

In the Resource Explorer console, open a CCE resource. Expand the Summaries tree node and select CCE Summary.