Which SCAP specification provides a standard naming and dictionary of system configuration issues?

The main idea here is having a single, consistent way to refer to the software and hardware platforms that checks target. CPE provides exactly that: a Common Platform Enumeration, which is a formal naming scheme and a dictionary of product identifiers used across SCAP content. This standardized naming lets automated tools unambiguously reference the same platform across different datasets, catalogs, and checks, enabling reliable mapping between configurations, tests, and data. The other SCAP components serve different roles: CVE is for vulnerability identifiers, OVAL defines the language and schemas to express tests and system state, and SCAP-DS handles how data streams carry definitions and content. They don’t provide the standardized product naming and dictionary that CPE offers.