– In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions. SOURCE: SP 800-53 Common Configuration A SCAP specification that provides unique, common identifiers for Enumeration (CCE) – configuration settings found in a wide variety of hardware and software products. SOURCE: SP 800-128 Common Configuration Scoring A set of measures of the severity of software security configuration System (CCSS) – issues. SOURCE: NISTIR 7502 A SCAP specification for measuring the severity of software security configuration issues. SOURCE: SP 800-128 Common Control – A security control that is inherited by one or more organizational information systems. See Security Control Inheritance. SOURCE: SP 800-53; SP 800-53A; SP 800-37; CNSSI-4009 Common Control Provider – An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems). SOURCE: SP 800-37; SP 800-53A Common Criteria – Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.