CCE Home Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues
CCE Website is in "Archive" status — read the announcement


News & Events — Archive


MITRE is pleased to announce that ongoing maintenance and development of CCE has been transferred to the U.S. National Institute for Standards and Technology (NIST). NIST is now hosting the official CCE List and community forum at the following website: MITRE will support NIST in an advisory role to ensure a smooth transfer and support their ongoing operation of CCE as needed. As part of this transition, MITRE has assigned the copyright on all CCE material to NIST. MITRE will no longer be enforcing the unregistered trademarks on CCE. This website will be maintained as an archive for the CCE Community, but will no longer be updated.

We thank all members of the CCE Community for your work in developing and refining CCE throughout the years. Please send any comments or concerns to

February 14, 2013

CCE List Content Updated

CCE Version 5.20130214 is now available on the CCE List page. There are now 12,163 total CCE entries in the CCE List. A report is available that that provides more details on the changes between Version 5.20120524 and Version 5.20130214.

Changes for Version 5.20130214 include: 948 total new entries added; the first release of a CCE list for Apache HTTPD versions 1.3, 2.0, and 2.2 with 422 entries, Microsoft Internet Information Server (IIS) versions 5 and 6 with 199 entries, Microsoft SQL 2000 and 2005 with 139 entries, and Apache Tomcat versions 4, 5, and with 188 entries; and updates to 80 entries for Microsoft Office 2007 2010 to add DISA STIG References.

Please send any comments or concerns to


Page Last Updated: March 22, 2013