The common configuration scoring system (CCSS) is a set of metries to evaluate the security level of the severity of software security configuration issues. it is time consuming to generate a CCSS score for a computer system as it requires a large amount of manual operations to perform the evaluation on a machine. as a consequence, it is not practical for a system administrator to evaluate all the machines on an enterprise network one by one with CCSS metrics. this paper proposes a new approach to evaluate security configuration issues at enterprise level. our solution provides a centralized management framework to remotely monitor and assess the security scores of individual machines on the network. finally, we provide a set of well defined metrics to evaluate the security influence of the configuration issues at enterprise level. experiments on a small e-commerce company have demonstated the great potential of our solution and prototype tool.