Common Configuration Enumeration (CCE) | Overview | Why Information Security Policies are Important

37. What is the Common Configuration Enumeration (CCE) and why are information security policies and procedures so important, and do you offer comprehensive I.T. security documentation?

The Common Configuration Enumeration (CCE) is essentially a list of “identifiers” and entries relating to security system configuration issues, and ultimately, to configuration guidance statements – that according to the CCE (cce.mitre.org) – is “to improve workflow by facilitating fast and accurate correlation of configuration data across multiple information sources and tools."  A “configuration guidance statement” is defined as the following: “specifies a preferred or required setting or policy for a computer system.”

Learn more about our signature product, the Global Information Security Compliance Packet (GISCP)the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.

Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.

You can find these CCE “identifiers” within many settings of well-known vendor publications (such as Microsoft security guidelines), along with security documentation from the CIS Benchmarks, NIST publications, NSA security guides, and many others. Specifically, each entry on the CCE list contains the following five (5) attributes: (1). CCE Identification Number. (2). A “description” of the configuration issue. (3). “Conceptual Parameters” that need to be specified. (4). “Associated Technical Mechanisms” for implementing the desired result. (5). References.

View the CCE F.A.Q. section (http://cce.mitre.org/about/faqs.html#A) to learn more and see examples of how these above elements all fit together. As one can see, CCE helps in assessing configuration data across multiple information sources (such as the above mentioned publication standards, and others), which can be a great benefit to I.T. security professionals.

Information Security Policies and Procedures | A Must Have for Compliance and I.T. | Download
Thus, if you’re seeking quality sources for helping ensure the safety and security of your network, it’s also imperative to have a comprehensive set of enterprise-wide information security policies and procedures in place, such as those offered by Flat Iron Technologies, LLC. With literally hundreds of high-quality, professionally researched templates, along with provisioning and hardening documents, the Global Information Security Compliance Packet (GISCP) set of documents is available for purchase and immediate download. 

GISCP - PREMIER Edition ($1,479.00)

Click below to view table of contents

GISCP cover

White Papers