[CCE-WORKING-GROUP-LIST] Installed Sub-Components - Call for Data

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[CCE-WORKING-GROUP-LIST] Installed Sub-Components - Call for Data

Mann, Dave

We would like to request that all participants in the CCE Working Group share with us (MITRE only) any and all items from your proprietary content repositories that relate or refer to installed sub-components of any Microsoft Windows operating system or any version of Microsoft Office.  We are interested in any structured or semi-structured content that deals with these topics including:
  + Descriptions of security configuration audit checks
  + Web published configuration guidance
  + Descriptions of configuration controls
  + Sections of security configuration guidance documents

CCE's goal is to codify existing industry consensus on configuration issues.  We do not aspire to create CCE ids for items that are not yet widely recognized across the content management life-cycle.

To this end, CCE's traditional approach to solving difficult questions of this type has been to ask you, the members of the CCE Working Group, to submit your proprietary information to us so that we can more empirically determine if CCEs for a new area are justified and what the appropriate level of abstraction should be.  

MITRE is a Federally Funded Research and Development Center (FFRDC) that is chartered to operate in the public's interest.  In accordance with this charter and in our role as a neutral 3rd party moderator of CCE, MITRE will ensure that all information submitted to us remains confidential. MITRE has Non-Disclosure Agreements with many of the organizations on the CCE Working Group and is happy to formalize NDAs with all participants to ensure the protection of shared information.  Any published results from this (and other) data calls will be anonymized and will not be presented in a way that a competitive comparison among tools or capabilities could be inferred.

Many of CCE's hardest and most important editorial policies have resulted from this sort of industry and US government data sharing and collaboration and we believe that having access to this sort of information will allow MITRE to make recommendations on the installed sub-component question that will provide value for greater good.

We are focusing this data call on Microsoft Widows and Office first. We anticipate needing to make a similar data call for Unix and Linux based operating systems at some point in the future.  As always, we are grateful for your participation and engagement, which allows CCE to continue to develop.

Joe, Dave, Matt and the CCE Team