Common Configuration Enumeration (CCE) Requirements
- CCE.V.1: The product's documentation (printed or electronic) must state that it uses CCE and explain relevant details to the users of the product.
See Standards.
- CCE.V.3: The vendor shall provide instructions on how product output can be generated that contains a listing of all security configuration issue items both with and without CCE IDs. Instructions shall include where the CCE IDs and the associated vendor supplied and/or official CCE descriptions can be located within the product output.
See Viewing Results in Other Formats.
- CCE.V.4: The vendor shall provide instructions noting where the CCE ID can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output configuration issues with associated CCE IDs.
See Viewing Analysis Results.
- CCE.V.7: The vendor shall provide documentation (printed or electronic) indicating how security configuration issue items can be located using CCE names.
Under the Resources tab, navigate to All Resources > Scap Entity > CCE. On the right side, you will see a list of all CCE resources and their descriptions. Above that list is a search bar control where you can search by ID or by words contained in the description.
- CCE.V.8: The vendor shall provide instructions on where the dates for all offline CCE data can be inspected in the product output.
In the Resource Explorer console, open a CCE resource. Expand the Summaries tree node and select CCE Summary.
{"serverDuration": 253, "requestCorrelationId": "b1a3c49a4c694d439fb30988f1486a91"}