teChnology 131
is a set of standards designed to support automation of VM, com-
pliance management, and other security functions. We have already
discussed some of those standards, which include OVAL, CVE, and
CVSS. ere are three items we have not discussed: CCE and CPE,
which concern target enumeration, and XCCDF, which provides
checklists for target evaluation and standard formats for reporting.
CCE refers to Common Configuration Enumeration identifiers.
ese are identifiers used to correlate checks performed on system
configurations with documents and tools that provide related infor-
mation. CCE identifiers will not be discussed in depth except to sug-
gest reviewing the CCE lists provided by Mitre Corporation.
4.11.1 CPE
Common Platform Enumeration ...