|
|||||
 |
 |
||||
| CCE Website is in "Archive" status — read the announcement | |||||
News and Events - 2006 ArchiveDecember 7, 2006 CCE Adds Content Decisions Document and Working Group Members List A "CCE Content Decisions" document and a list of current CCE Working Group members have been added to the "Common Configuration Enumeration (CCE)" section. CCE provides unique identifiers to system configurations in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. As an example, CCE Identifiers could be used to associate checks in configuration assessment tools with statements in configuration best-practice documents such as the Center for Internet Security (CIS) benchmark documents , National Institute of Standards and Technology (NIST) NIST Security Configuration Guides , National Security Agency (NSA) NSA Security Configuration Guides , and Defense Information Systems Agency (DISA) DISA Security Technical Implementation Guides (STIGS). The section also includes the current version of the CCE List; a CCE Status section detailing the status of the current version; a description of How to Participate for organizations and individuals interested in contributing; and the newly revised CCE Working Group section for those interested in actively participating in this new community initiative. October 26, 2006 CCE Co-Hosts Booth at FIAC 2006 MITRE hosted a CCE, CVE, CME, CWE, and OVAL exhibitor booth at Federal Information Assurance Conference (FIAC) 2006, October 25-26, 2006, at the Inn and Conference Center, University of Maryland University College, in Adelphi, Maryland, USA. The conference exposed CVE, CCE, CWE, OVAL, and CME to network and systems administrators, security practitioners, acquisition and procurement officials, systems security officers, federal managers, accreditors, and certifiers from numerous agencies of the U.S. federal government. Visit the CCE Calendar page for information on this and other upcoming events. CCE Co-Hosts Booth at OMG Software Assurance Workshop MITRE hosted a Making Security Measurable exhibitor booth about MITRE’s CCE, CVE, CME, CWE, CPE, and OVAL efforts at the OMG Software Assurance Workshop on March 5-7, 2007 at the Hyatt Fair Lakes in Fairfax, Virginia, USA. Object Management Group (OMG) is an international, open membership, not-for-profit computer industry consortium. OMG’s task forces "develop enterprise integration standards" for a wide range of technologies and industries and its modeling standards "enable powerful visual design, execution and maintenance of software and other processes." Visit the CCE Calendar page for information on this and other upcoming events. October 5, 2006 CCE Co-Hosts Booth at IT Security World 2006 MITRE hosted a CCE, CVE, CME, CWE, OVAL exhibitor booth at MISTI’s IT Security World 2006 on September 25-27, 2006 at the Fairmont Hotel in San Francisco, California, USA. The conference exposed CVE, CCE, CWE, OVAL, and CME to security professionals from industry, government, and academia charged with developing and running their organizations’ information security programs Visit the CCE Calendar page for information on this and other upcoming events. August 17, 2006 "Common Configuration Enumeration (CCE)" Proof-of-Concept Draft Released An initial preliminary draft of the "Common Configuration Enumeration (CCE)" List was posted on the CVE Web site on August 17, 2006 for public review and comment. The preliminary draft is intended as a proof-of-concept and focuses on security-related configuration issues for Windows 2000, Windows XP, and Windows Server 2003. The draft is not final and will be modified over time. In particular, the CCE IDs themselves are not final and will likely change significantly in future versions. Currently, each entry on the list includes the following: CCE Identifier number, description, logical parameters, technical mechanisms, and any references. Refer to the CCE List for more information. Comments are welcome at cce@mitre.org. |
||||
