U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.


NCP supports the CCE Common Configuration Enumeration (CCE) list, the CCE Platform Listing.

NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards based security tools to automatically perform configuration checking using NCP checklists.

NCP Resources:

USGCB and FDCC

The NCP contains checklists and pointers to tools for performing configuration checking of systems implementing United States Government Configuration Baselines (USGCB) and Federal Desktop Core Configuration settings using the Security Content Automation Protocol (SCAP). USGCB and FDCC Checklists are available here (to be used with SCAP validated tools).