Common Configuration Enumeration (CCE) | Overview | Why Information Security Policies are Important
37. What is the Common Configuration Enumeration (CCE) and why are information security policies and procedures so important, and do you offer comprehensive I.T. security documentation?
The Common Configuration Enumeration (CCE) is essentially a list of “identifiers” and entries relating to security system configuration issues, and ultimately, to configuration guidance statements – that according to the CCE (cce.mitre.org) – is “to improve workflow by facilitating fast and accurate correlation of configuration data across multiple information sources and tools." A “configuration guidance statement” is defined as the following: “specifies a preferred or required setting or policy for a computer system.”
You can find these CCE “identifiers” within many settings of well-known vendor publications (such as Microsoft security guidelines), along with security documentation from the CIS Benchmarks, NIST publications, NSA security guides, and many others. Specifically, each entry on the CCE list contains the following five (5) attributes: (1). CCE Identification Number. (2). A “description” of the configuration issue. (3). “Conceptual Parameters” that need to be specified. (4). “Associated Technical Mechanisms” for implementing the desired result. (5). References.
View the CCE F.A.Q. section (http://cce.mitre.org/about/faqs.html#A) to learn more and see examples of how these above elements all fit together. As one can see, CCE helps in assessing configuration data across multiple information sources (such as the above mentioned publication standards, and others), which can be a great benefit to I.T. security professionals.
Information Security Policies and Procedures | A Must Have
Thus, if you’re seeking quality sources for helping ensure the safety and security of your network, it’s also imperative to have a comprehensive set of enterprise-wide information security policies and procedures in place, such as those offered by FLANK. With literally hundreds of high-quality, professionally researched templates, along with provisioning and hardening documents, the FLANK21 set of documents is available for purchase and immediate download.