Quantcast

[CCE-WORKING-GROUP-LIST] CCE Release 5.20120314

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[CCE-WORKING-GROUP-LIST] CCE Release 5.20120314

Matthew N. Wojcik
Working Group members,

Apologies if this somewhat belated message is news you've already heard. I wanted to call everyone's attention to the most recent update to the CCE list. Release 5.20120314 was pushed to the website last Friday.

Along with various fixes to content and formatting, and a small number of CCEs added to various platform groups, this release includes two new platform groups. The exchange2007 and exchange2010 CCE lists are published thanks to submissions from the Microsoft Solution Accelerators Team. These were produced in conjunction with Microsoft's release of Exchange Server 2007 and 2010 baselines for Security Compliance Manager 2.5 (SCM 2.5) Beta. Those baselines in turn serve as the Resources for the respective CCE lists. Since SCM (at least most export formats of baseline content) is searchable by CCE ID, we've not required more specific References for each CCE entry than just an indication of the relevant baseline.

I'd like to thank the team at Microsoft for their efforts to provide us with well-formed CCE candidates. Wur analysts were able to quickly review the proposed CCEs and assign IDs thanks to the quality of the submission.

Below my .sig., I've included details of what's new in this release, excerpted from the ChangeLog.

As always, comments are encouraged. MITRE's CCE team will address anything related to CCE formation. The Microsoft Solution Accelerators Team is represented in the CCE Working Group, so we should be able to resolve any questions regarding the technical details of Exchange 2007 or 2010 as pertains to CCE.

Thanks for your attention,

--Woj                  Matthew N. Wojcik                 [hidden email]
781 271-8056 office                                           CCE Team
617 872-6247 mobile                    G022, IA Industry Collaboration

=================================
Changes in CCE version 5.20120314
=================================

Total CCE Entries: 10851
Number of new entries: 180
Total number of platform groups: 21
Number of new platform groups: 2
Number of platform groups with updates: 7
 - Of those, number with content changes: 6
 - With only formatting updates: 1

NOTE: The count of total CCE entries has been incorrect in recent
      releases.  If you noticed that the 180 plus the total reported
      with the 5.20111130 release doesn't add up to 10851, that's
      why.

      Total entries and number of new entries reported above are now
      believed to be correct.

Platform groups with no changes
-------------------------------
aix5.3
hpux11.23
ie8
office2k7
office2010
rhel4
rhel5
solaris8
solaris9
solaris10
win2k
win2k3

New platform groups
-------------------
exchange2007
exchange2010

    - Initial release of the CCE lists for Microsoft Exchange 2007 and
      2010.  There are 66 CCEs in the exchange2007 Platform Group, and
      76 for exchange2010.

    - The CCE team wishes to acknowledge the assistance of the
      Microsoft Solution Accelerators Team in creating this list.
      Their extremely well-formed submissions of CCE candidates for
      the two new platform groups were invaluable in creating the
      final CCE entries and assigning CCE IDs.

    - NOTE: The Microsoft Security Compliance Manager Baselines for
      Exchange 2007 and 2010 are currently still in beta, and not yet
      in general release.  


Platform groups with content changes
------------------------------------
ie7 - Eight new CCEs: CCE-18394-7, CCE-18552-0, CCE-18467-1,
      CCE-18731-0, CCE-18230-3, CCE-18912-6, CCE-18738-5, CCE-18137-0,
      issued for use in USGCB.

    - Added reference columns for new Resources, USGCB XCCDF and OVAL.
      References for the eight new CCEs in this release are drawn from
      these Resources.

    - Changed representation of registry key technical mechanisms in
      20 CCE entries: the delimiter before the EntryName at the end of
      the key was changed from ! to \

    - Various cosmetic changes to normalize formatting

winxp - Nine new CCEs: CCE-18099-2, CCE-18173-5, CCE-18559-5,
      CCE-18149-5, CCE-18962-1, CCE-18306-1, CCE-18692-4, CCE-18634-6,
      CCE-18782-3, issued for use in USGCB.

      - Note that CCE-18099-2 is DEPRECATED, because the control
        described does not itself affect the configuration of aspects
        of the Windows NTP Client.  Rather, it only controls whether
        Group Policy is used to set those options.

    - CCE-18167-7, CCE-18870-6, CCE-18307-9, CCE-18959-7: Modified
      Description and Parameters to clarify that these CCEs relate to
      whether various Windows XP Components are installed.

    - DEPRECATED CCE-5407-2 & CCE-5441-1: The POSIX and OS/2
      subsystems are not supported on Windows XP, per Microsoft.  See
      KB308259.  Also fixed data swap between parameter <-> technical
      mechanism columns.

    - Changed representation of registry key technical mechanisms in
      various CCE entries: the delimiter before the EntryName at the
      end of the key was changed from ! to \

    - Deleted empty row 572

vista - 19 new CCEs: CCE-18320-2, CCE-18987-8, CCE-18388-9,
      CCE-18220-4, CCE-18356-6, CCE-18589-2, CCE-18626-2, CCE-18386-3,
      CCE-18324-4, CCE-18594-2, CCE-18115-6, CCE-18938-1, CCE-18358-2,
      CCE-18686-6, CCE-18303-8, CCE-18881-3, CCE-18715-3, CCE-18414-3,
      CCE-18913-4

      - Note that CCE-18220-4 is DEPRECATED, because the control
        described does not itself affect the configuration of aspects
        of the Windows NTP Client.  Rather, it only controls whether
        Group Policy is used to set those options.

    - CCE-5407-2, CCE-5441-1: Fixed data swap between parameter <->
      technical mechanism columns.

    - CCE-3316-7, CCE-3082-5, CCE-4078-2: Added "automatic (delayed
      start)" to CCE Parameters.

    - CCE-18891-2, CCE-18279-0, CCE-18624-7, CCE-18129-7, CCE-18284-0,
      CCE-18700-5, CCE-18689-0: Modified Description and Parameters to
      clarify that these CCEs refer to whether various Windows Vista
      features are turned on or off.

win2k8 - CCE-8504-3: Added "automatic (delayed start)" to CCE
      Parameters.

    - Changed representation of registry key technical mechanisms in
      various CCE entries: the delimiter before the EntryName at the
      end of the key was changed from ! to \

win7 - Two new CCEs: CCE-14986-4 & CCE-14854-4

     - Fixed minor cosmetic spreadsheet formatting issues (cell
       boarders, row heights and column widths, fonts, etc.).

win2k8r2 - CCE-10213-7, CCE-10707-8: Fixed issue where each of these
      CCE IDs appeared in two spreadsheet rows / CCE entries, with
      different Descriptions.  This appears to have been the result of
      an inadvertent cut-and-paste error in a previous release.

    - Fixed some 62 CCEs, where groups of two or more CCE IDs had the
      same CCE Description.  In the majority of cases, the duplicates
      were resolved by adding additional information to the
      Description to clarify which configuration concept the CCE
      identifies.  E.g., qualifying to which log type, aspect of the
      Diagnostic Policy Service, packet type, etc. each CCE refers.

      In a minority of cases, apparent cut-and-paste errors in a
      previous release were corrected to restore original intent of
      the CCE entry.

      Affected CCEs:

      CCE-11074-2, CCE-11087-4, CCE-10677-3, CCE-11148-4, CCE-10454-7,
      CCE-11131-0, CCE-11306-8, CCE-12032-9, CCE-11290-4, CCE-11954-5,
      CCE-11138-5, CCE-11400-9, CCE-11890-1, CCE-12204-4, CCE-10975-1,
      CCE-11663-2, CCE-12036-0, CCE-10616-1, CCE-10626-0, CCE-11054-4,
      CCE-11210-2, CCE-11484-3, CCE-11966-9, CCE-12038-6, CCE-10315-0,
      CCE-10558-5, CCE-11393-6, CCE-11149-2, CCE-11697-0, CCE-11756-4,
      CCE-12295-2, CCE-10863-9, CCE-11269-8, CCE-11634-3, CCE-10679-9,
      CCE-11219-3, CCE-11690-5, CCE-11712-7, CCE-10421-6, CCE-11441-3,
      CCE-11883-6, CCE-12180-6, CCE-11033-8, CCE-11143-5, CCE-11174-0,
      CCE-11717-6, CCE-11573-3, CCE-11947-9, CCE-12248-1, CCE-11192-2,
      CCE-11479-3, CCE-11698-8, CCE-10309-3, CCE-10663-3, CCE-10918-1,
      CCE-11055-1, CCE-10722-7, CCE-11191-4, CCE-10781-3, CCE-11153-4,
      CCE-10057-8, CCE-10229-3

    - Parameters improved for: CCE-11210-2, CCE-10616-1, CCE-10626-0,
      CCE-11054-4, CCE-11966-9, CCE-11494-2

    - Fixed minor cosmetic spreadsheet formatting issues (cell
      boarders, row heights and column widths, fonts, etc.).

Platform groups with non-content changes
----------------------------------------
This release also includes some changes made to the formatting of
certain CCE spreadsheets.  These did not affect CCE content in any
way.

exchange2007
exchange2010
ie7
weblogicserver11g [See Note below]
vista
win2k8
win7
winxp

    - Removed names from several named cells/ranges, which had been
      added inadvertently at some point.

      - Note: Since there were no content changes to any of the CCE
      entries in the weblogicserver11g platform group, the "Last
      modified" and "Version" attributes were not updated.  (Those
      attributes may be found in hidden cells B1 and B2,
      respectively.)  The only changes were to remove the named
      ranges.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [CCE-WORKING-GROUP-LIST] CCE Release 5.20120314

Matthew N. Wojcik
Minor correction:

I wrote:

> Since SCM (at least most export formats of baseline content) is
> searchable by CCE ID[...]

That should have read, "Since SCM (and at least[...]"  Baseline content is searchable by CCE ID directly from the SCM user interface, and CCE IDs are included in at least the SCAP and spreadsheet exports from the tool.  (They may be in other formats as well; I'm just not familiar with those.)

Thanks!

--Woj
Loading...