Common Configuration Enumeration (CCE) requirements
CCE.V.1
The product's documentation (printed or electronic) must state that it uses CCE and explain relevant details to the users of the product. For further details, go to Standards.
CCE.V.3
The vendor shall provide instructions on how product output can be generated that contains a listing of all security configuration issue items both with and without CCE IDs. Instructions shall include where the CCE IDs and the associated vendor supplied and/or official CCE descriptions can be located within the product output. For further details, go to Viewing Results in Other Formats.
CCE.V.4
The vendor shall provide instructions noting where the CCE ID can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output configuration issues with associated CCE IDs. For further details Viewing analysis results.
CCE.V.7
The vendor shall provide documentation (printed or electronic) indicating how security configuration issue items can be located using CCE names.
- In the Thycotic Security Manager, click the Resources tab and navigate to All Resources > Scap Entity > CCE.
- In the right pane you will see a list of all CCE resources and their descriptions. Above that list is a search bar where you can search by ID or by words contained in the description.
CCE.V.8
The vendor shall provide instructions on where the dates for all offline CCE data can be inspected in the product output.
- In the Resource Explorer console, open a CCE resource.
- Expand the Summaries tree node and select CCE Summary.