CPE Website is in "Archive" status — read the announcement
About CPE — Archive

Challenge

Secure information systems depend on reliable, cost-effective Software Asset Management practices that support security assessment. IT managers need highly reliable and automatable software inventory processes that provide accurate, up-to-the-minute details about the operating systems, software applications and hardware devices that are installed and available for use. Once armed with this data, IT managers can identify risks and vulnerabilities, and make timely decisions about what to install, patch or disable.

Specification languages exist such as Common Vulnerabilities and Exposures (CVE®) for describing vulnerabilities, Open Vulnerability and Assessment Language (OVAL®) for testing system state, and Extensible Configuration Checklist Description Format (XCCDF) for expressing security checklists. What these languages all have in common is a need to refer to IT products and platforms in a standardized way that is suitable for machine interpretation and processing.

Solution

Common Platform Enumeration (CPE™) was developed to satisfy that need. CPE provides:

CPE in the Enterprise

An authoritative CPE Dictionary is currently maintained by the National Institute of Standards and Technology (NIST) as part of its U.S. National Vulnerability Database (NVD). NIST also hosts the current official version of the CPE Specification documents.

In addition, CPE is one of the existing open standards used by NIST in its Security Content Automation Protocol (SCAP) program, which combines "a suite of tools to help automate vulnerability management and evaluate compliance with federal information technology security requirements." Numerous products have been validated by NIST as conforming to the CPE component of SCAP.
Page Last Updated: March 22, 2013