National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 530 matching records. Displaying matches 61 through 80.

Name (Version) Target Authority Last Modified Resources
Palo Alto Networks Network Device Management (NDM) STIG (Ver 2, Rel 1) Palo Alto Networks Network Device Management (NDM)
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Microsoft IIS 8.5 STIG (Ver 2, Rel 1) IIS 8.5
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Microsoft IIS 8.5 STIG
F5 BIG-IP 11.x STIG (Ver 1, Rel 5) F5 BIG-IP Access Policy Manager (APM) 11.x STIG
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - F5 BIG-IP 11.x STIG
Microsoft Office System 2013 STIG (Version 2, Release 1) Office System 2013
Defense Information Systems Agency
10/28/2020 GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Office System 2013 STIG - Ver 2, Rel 1
Apache Server 2.4 Windows STIG (Ver 2, Rel 1) Apache HTTP Server 2.4.0
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
Cisco IOS Switch STIG (Ver 1, Rel 1) Cisco IOS
Cisco IOS XE
Cisco NX-OS
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Cisco IOS Switch STIG
Standalone XCCDF 1.1.4 - Cisco IOS XE Switch STIG
Standalone XCCDF 1.1.4 - Cisco NX-OS Switch STIG - Ver 1, Rel 1
Microsoft SQL Server 2016 STIG (Ver 2, Rel 1) Microsoft SQL Server 2016
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Microsoft SQL Server 2016 STIG
Microsoft Exchange Server 2016 STIG (Version 2, Release 1) Microsoft Exchange Server 2016
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Microsoft Exchange 2016 STIG
Microsoft IIS 10.0 STIG (Ver 2, Rel 1) Microsoft IIS 10
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Microsoft IIS 10.0 STIG
Google Chrome Browser STIG for Windows (Version 2, Release 1) Google Chrome 33
Defense Information Systems Agency
10/28/2020 SCAP 1.2 Content - Google Chrome for Windows STIG Benchmark - Ver 2, Rel 1
GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Google Chrome STIG - Ver 2, Rel 1
Apache Server 2.4 UNIX STIG (Y20M10) Apache HTTP Server 2.4.0
Defense Information Systems Agency
10/28/2020 Standalone XCCDF 1.1.4 - Apache Server 2.4 UNIX STIG
Palo Alto Networks Intrusion Detection and Prevention System (IDPS) STIG (Version 2, Release 1) Palo Alto Networks Intrusion Detection and Prevention System
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
IBM AIX 7.x STIG (Ver 2, Rel 1) IBM AIX 7.1
IBM AIX 7.2
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - IBM AIX 7.x STIG - Ver 2, Rel 1
Canonical Ubuntu 16.04 STIG (Ver 2, Rel 1) Canonical Ubuntu 16.04 LTS (Long Term Support)
Defense Information Systems Agency
10/27/2020 SCAP 1.2 Content - Canonical Ubuntu 16.04 STIG Benchmark - Ver 2, Rel 1
Standalone XCCDF 1.1.4 - Canonical Ubuntu 16.04 LTS STIG - Ver 2, Rel 1
Apple OS X 10.14 (Mojave) STIG (Ver 2, Rel 1) Apple OS X 10.14
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - Apple OS X 10.14 STIG - Ver 2, Rel 1
Red Hat 6 STIG (Version 2, Release 1) Red Hat Enterprise Linux 6
Defense Information Systems Agency
10/27/2020 SCAP 1.2 Content - Red Hat Enterprise Linux 6 STIG Benchmark - Ver 2, Rel 1
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 6 STIG - Ver 2, Rel 1
Oracle Linux 6 STIG (Version 2, Release 1) Oracle Linux 6
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - Oracle Linux 6 STIG - Ver 2, Rel 1
zOS TSS STIG (Version 6, Release 47) IBM OS390
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - z/OS STIG - Ver 8, Rel 1
Standalone XCCDF 1.1.4 - z/OS TSS Products - Ver 6, Rel 47
Palo Alto Networks Application Layer Gateway (ALG) STIG (Version 2, Release 1) Palo Alto Networks Application Layer Gateway (ALG)
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 1) Microsoft Windows Server 2012 R2
Defense Information Systems Agency
10/27/2020 Standalone XCCDF 1.1.4 - Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1
* This checklist is still undergoing review for inclusion into the NCP.