41. What is the Common Platform Enumeration (CPE) and why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?

The Common Platform Enumeration (CPE), according to http://cpe.mitre.org/, is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices among an organization’s computing assets. CPE can also be used as a source of information for enforcing and verifying IT management policies that relate to those assets, such as vulnerability, configuration, and remediation policies.

To learn more about its application, the CPE site publishes “Use Cases” that illustrate how organizations can benefit from this framework. In essence, the CPE, along with other frameworks, was established to facilitate interoperability and standardization in a form suitable for machine interpretation and processing. You can learn more about the CPE by viewing the following NIST Interagency Reports:

  • NIST 7695
  • NIST 7696
  • NIST 7697

Think of the CPE as a provider of:

  • A standard machine-readable format for encoding names of IT products and platforms.
  • A set of procedures for comparing names.
  • A language for constructing "applicability statements" that combine CPE names with simple logical operators.
  • A standard notion of a CPE Dictionary.

Source: http://cpe.mitre.org/about/
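To make the first two items concrete, the following added example (not code from cpe.mitre.org or from this page) parses names in the CPE 2.3 formatted-string layout and checks an asset inventory against a pattern. It assumes a simplified subset of name matching: whole-attribute ANY (`*`) and NA (`-`) only, case-insensitive comparison, and made-up vendor, product, and host names.

```python
# Attribute order of a CPE 2.3 formatted string, after the "cpe:2.3:" prefix.
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")

def split_fields(fs):
    """Split on ':' while keeping backslash-escaped characters intact."""
    fields, cur, i = [], "", 0
    while i < len(fs):
        if fs[i] == "\\" and i + 1 < len(fs):
            cur += fs[i:i + 2]   # keep the escape and the escaped character
            i += 2
        elif fs[i] == ":":
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += fs[i]
            i += 1
    return fields + [cur]

def parse_cpe23(fs):
    """Return the 11 attributes of a formatted string as a lower-cased dict."""
    fields = split_fields(fs.strip())
    if len(fields) != 13 or fields[0].lower() != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {fs!r}")
    if fields[2].lower() not in ("a", "o", "h", "*", "-") or "" in fields[2:]:
        raise ValueError(f"invalid or empty attribute in: {fs!r}")
    return dict(zip(ATTRS, (f.lower() for f in fields[2:])))

def matches(pattern, target):
    """True if every pattern attribute is ANY ('*') or equals the target's value.
    NA ('-') therefore matches only NA. Embedded wildcards are not handled."""
    p, t = parse_cpe23(pattern), parse_cpe23(target)
    return all(p[a] == "*" or p[a] == t[a] for a in ATTRS)

def affected(pattern, inventory):
    """Hosts whose recorded CPE name falls under the pattern."""
    return sorted(h for h, name in inventory.items() if matches(pattern, name))

# Constructed sample data: vendor, product and host names are made up.
PATTERN = "cpe:2.3:a:examplecorp:webserver:2.4.1:*:*:*:*:*:*:*"
INVENTORY = {
    "web01": "cpe:2.3:a:examplecorp:webserver:2.4.1:-:*:*:*:linux:x64:*",
    "web02": "cpe:2.3:a:examplecorp:webserver:2.4.2:*:*:*:*:*:*:*",
    "web03": "cpe:2.3:a:ExampleCorp:WebServer:2.4.1:*:*:*:*:*:*:*",
}

if __name__ == "__main__":
    print(affected(PATTERN, INVENTORY))
```

A pattern of this kind is how a vulnerability or configuration policy can be tied to specific assets: the policy names the platform once, and every inventory record that falls under it is selected mechanically.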

The Importance of Information Security Policies

Standardization, interoperability, and uniformity are best practices for information security, and the CPE is just one example of many platforms helping achieve these goals. Another best practice is having enterprise-wide operational and information security policies and procedures in place. Not only do policies help answer the essential “who, what, when, where and why” of one’s information systems landscape, they’re also required for many areas of regulatory compliance.

The FLANK21 set of policies and procedures – available for immediate download at flank.org – comes complete with literally hundreds of highly useful, professionally written templates. Sound information security practices should include provisions such as those mentioned by the CPE, along with documented policies and procedures, so learn more about the FLANK21 set of documents today at FLANK.