Microsoft Security Compliance Manager

Terminology

SCM uses the following terms and definitions:

• Baseline. SCM works with security and compliance baselines, which are collections of software configuration settings that are also known as configuration items (CIs). Each CI is designed to help achieve a greater organizational security goal.
• CCE-ID. CCE Entries (also called "CCE-IDs") provide unique, common identifiers to configuration issues. A configuration issue may be a configuration statement that specifies a preferred or required setting or policy for a computer system, or a configuration control such as a particular registry key, file, or GPO setting.
• DCM Configuration Pack. A collection of Configuration Items (CIs) that you can use with the Desired Configuration Management (DCM) feature in Microsoft System Center Configuration Manager 2007 to scan and monitor computers for compliance.
• Excel workbook. A Microsoft application format that you can use to research and compare baseline setting information.
• GPO backup folder. A folder containing Group Policy Objects (GPOs) that you can import into Active Directory® and apply to groups of computers and users.
• SCAP data file. Security Content Automation Protocol (SCAP) files comply with a standard overseen by the National Institute of Standards and Technology (NIST).
• Setting. The lowest level technical control that holds a state for operating systems or applications to enforce desired functionality. For example, minimum password length is a setting that holds an integer number to enforce Windows operating system logon functionality. A setting has two kinds of metadata: setting definition and setting policy.
• Setting definition. A set of properties associated with an operating system or application setting defined by the setting owner, who creates the setting. For example, registry setting hive, path, and data type are part of the setting definition. A setting definition does not change after it is published.
• Setting policy. A set of properties associated with a setting and defined by setting users, who consume the setting policy. For example, minimum password length must be greater than or equal to 8.