CCE Requirements

Common Configuration Enumeration (CCE) Requirements

• CCE.V.1: The product's documentation (printed or electronic) must state that it uses CCE and explain relevant details to the users of the product.
  
  See Standards.

• CCE.V.3: The vendor shall provide instructions on how product output can be generated that contains a listing of all security configuration issue items both with and without CCE IDs. Instructions shall include where the CCE IDs and the associated vendor supplied and/or official CCE descriptions can be located within the product output.
  
  See Viewing Results in Other Formats.

• CCE.V.4: The vendor shall provide instructions noting where the CCE ID can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output configuration issues with associated CCE IDs.
  
  See Viewing Analysis Results.

• CCE.V.7: The vendor shall provide documentation (printed or electronic) indicating how security configuration issue items can be located using CCE names.
  
  Under the Resources tab, navigate to All Resources > Scap Entity > CCE. On the right side, you will see a list of all CCE resources and their descriptions. Above that list is a search bar control where you can search by ID or by words contained in the description.

• CCE.V.8: The vendor shall provide instructions on where the dates for all offline CCE data can be inspected in the product output.
  
  In the Resource Explorer console, open a CCE resource. Expand the Summaries tree node and select CCE Summary.