
Security Content Automation Protocol SCAP

Common Configuration Enumeration (CCE)

The CCE List assigns unique identifiers to security-related system configuration issues in order to improve workflow by facilitating fast and accurate correlation of configuration data across multiple information sources and tools.

For example, CCE Identifiers are included for the settings in NIST macOS (mSCP); are the main identifiers used for the settings in the U.S. Federal Desktop Core Configuration (FDCC) data file downloads; and provide a mapping between the elements in configuration best-practice documents, including the Center for Internet Security’s (CIS) CIS Benchmark Documents, the National Institute of Standards and Technology’s (NIST) NIST Security Configuration Guides, and the National Security Agency’s (NSA) and Defense Information Systems Agency’s (DISA) DISA Security Technical Implementation Guides (STIGs).

When dealing with information from multiple sources, use of consistent identifiers can improve data correlation; enable interoperability; foster automation; and ease the gathering of metrics for use in situation awareness, IT security audits, and regulatory compliance. For example, Common Vulnerabilities and Exposures (CVE®) provides this capability for information security vulnerabilities.

Similar to the CVE effort, CCE assigns a unique, common identifier to a particular security-related configuration issue. CCE identifiers are associated with configuration statements and configuration controls that express the way humans name and discuss their intentions when configuring computer systems. In this way, the use of CCE-IDs as tags provides a bridge between natural language, prose-based configuration guidance documents and machine-readable or executable capabilities such as configuration audit tools.
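As an added illustration (not NIST code), the sketch below uses CCE-IDs as the join key between prose guidance and audit-tool output. The source names and sample lines are constructed, and the Luhn check-digit test on the final digit is a property of the CCE-ID format that this page does not describe.

```python
import re
from collections import defaultdict

# CCE-<number>-<check digit>, e.g. the page's own "CCE-2715-1"
CCE_RE = re.compile(r"\bCCE-(\d{4,})-(\d)\b")

def luhn_check_digit(number: str) -> int:
    """Luhn check digit for the middle number of a CCE-ID."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting at the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def extract_cce_ids(text: str):
    """Split the CCE-IDs found in text into (valid, rejected) by check digit."""
    valid, rejected = [], []
    for m in CCE_RE.finditer(text):
        ok = luhn_check_digit(m.group(1)) == int(m.group(2))
        (valid if ok else rejected).append(m.group(0))
    return valid, rejected

def correlate(sources: dict):
    """Index every line of every source under the CCE-IDs it mentions."""
    index = defaultdict(lambda: defaultdict(list))
    rejected = []
    for name, lines in sources.items():
        for line in lines:
            valid, bad = extract_cce_ids(line)
            for cce in valid:
                index[cce][name].append(line)
            rejected += [(name, cce) for cce in bad]
    return {cce: dict(by_src) for cce, by_src in index.items()}, rejected

# Constructed sample data: the settings are placeholders, not real CCE entries.
SOURCES = {
    "guide": ["4.2 Configure setting A as recommended (CCE-2715-1)",
              "4.3 Configure setting B as recommended (CCE-1000-9)"],
    "scanner": ["FAIL host=ws01 rule=setting_a ref=CCE-2715-1",
                "PASS host=ws01 rule=setting_b ref=CCE-1000-9",
                "FAIL host=ws02 rule=setting_a ref=CCE-2751-1"],  # digits transposed
}

if __name__ == "__main__":
    index, rejected = correlate(SOURCES)
    for cce, by_src in sorted(index.items()):
        print(cce, {src: len(lines) for src, lines in by_src.items()})
    print("rejected:", rejected)
```

A finding whose identifier fails the check digit is reported separately rather than silently dropped, so a mistyped CCE-ID in one source does not hide an uncorrelated result.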

Each entry on the CCE List contains the following five attributes:

  • CCE Identifier Number – for example, "CCE-2715-1"
  • Description – a humanly understandable description of the configuration issue
  • Conceptual Parameters – parameters that would need to be specified in order to implement a CCE on a system
  • Associated Technical Mechanisms – for any given configuration issue there may be one or more ways to implement the desired result
  • References – pointers to the specific sections of the documents or tools in which the configuration issue is described in detail

Currently, CCE is focused solely on software-based configurations. Recommendations for hardware and/or physical configurations are not supported. Refer to the CCE List for more information.

Contacts

SCAP Inquiries
[email protected]

Created December 07, 2016, Updated September 30, 2025
