Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 3
Next »
Common Configuration Enumeration (CCE) Requirements
- The product's documentation (printed or electronic) must state that it uses CCE and explain relevant details to the users of the product.
- The vendor shall provide instructions on how product output can be generated that contains a listing of all security configuration issue items both with and without CCE IDs. Instructions shall include where the CCE IDs and the associated vendor supplied and/or official CCE descriptions can be located within the product output.
- The vendor shall provide instructions noting where the CCE ID can be located within the product output. The vendor shall provide procedures and a test environment (if necessary) so that the product will output configuration issues with associated CCE IDs.
- The vendor shall provide documentation (printed or electronic) indicating how security configuration issue items can be located using CCE names.
- The vendor shall provide instructions on where the dates for all offline CCE data can be inspected in the product output.