National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 528 matching records. Displaying matches 1 through 20.

Name (Version) Target Authority Last Modified Resources
Adobe Acrobat Reader DC Continuous Track STIG (Ver 1, Rel 6) Adobe Acrobat Reader
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Adobe Acrobat Reader DC Continuous Track STIG Benchmark - Ver 1, Rel 5
Standalone XCCDF 1.1.4 - Adobe Acrobat Reader DC Continuous Track STIG - Ver 1, Rel 6
EDB Postgres Advanced Server STIG (Ver 2, Rel 1) EDB Postgres Advanced Server
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - EDB Postgres Advanced Server STIG - Ver 2, Rel 1
EDB Postgres Advanced Server v11 for Windows STIG (Ver 2, Rel 1) EDB Postgres Advanced Server
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - EDB Postgres Advanced Server v11 for Windows STIG - Ver 2, Rel 1
Microsoft Outlook 2016 STIG (Version 2, Release 1) Microsoft Outlook 2016
Defense Information Systems Agency
10/29/2020 GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Outlook 2016 STIG - Ver 2, Rel 1
Windows 10 STIG (Version 1, Release 23) Microsoft Windows 10
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Microsoft Windows 10 STIG Benchmark - Ver 1, Rel 18
GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Windows 10 STIG - Ver 1, Rel 23
Microsoft Windows Server 2016 STIG (Version 1, Release 13) Microsoft Windows Server 2016
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Microsoft Windows Server 2016 STIG Benchmark - Ver 1, Rel 13
GPOs - Group Policy Objects (GPOs) - October 2020
Machine-Readable Format - Microsoft Windows Server 2016 STIG for Chef - Ver 1, Rel 3
Machine-Readable Format - Microsoft Windows Server 2016 STIG for PowerShell DSC - Ver 1, Rel 3
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2016 STIG - Ver 1, Rel 12
Microsoft Windows Server 2019 (Ver 1, Rel 5) Microsoft Windows Server 2019
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Microsoft Windows Server 2019 STIG Benchmark - Ver 1, Rel 3
GPOs - Group Policy Objects (GPOs) - October 2020
Machine-Readable Format - Microsoft Windows Server 2019 STIG for Chef - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2019 STIG - Ver 1, Rel 5
Microsoft OneNote 2016 STIG (Version 1, Release 3) Microsoft OneNote 2016
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft OneNote 2016 STIG - Ver 1, Rel 2
Microsoft Outlook 2013 STIG (Version 1, Release 13) Microsoft Outlook 2013
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Outlook 2013 STIG - Ver 1, Rel 13
Microsoft Office System 2016 STIG (Version 1, Release 4) Microsoft Office 2016
Defense Information Systems Agency
10/29/2020 GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 1, Rel 1
Publisher 2013 STIG (Version 1, Release 5) Microsoft Publisher 2013
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Publisher 2013 STIG - Ver 1, Rel 5
Microsoft Word 2016 STIG (Version 1, Release 2) Microsoft Word 2016
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Word 2016 STIG - Ver 1, Rel 1
Microsoft One Drive for Business 2016 STIG (Version 1, Release 3) Microsoft One Drive for Business 2016
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft OneDrive for Business 2016 STIG - Ver 1, Rel 3
Microsoft Windows Defender Antivirus STIG (Ver 1, Rel 9) Microsoft Windows Defender
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Microsoft Windows Defender Antivirus STIG Benchmark - Ver 1, Rel 7
GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Windows Defender Antivirus STIG - Ver 1, Rel 9
Windows Server 2012 / 2012 R2 STIG (Version 2, Release 19) Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Microsoft Windows Server 2012 and 2012 R2 DC STIG Benchmark - Ver 2, Rel 19
SCAP 1.2 Content - Microsoft Windows Server 2012 and 2012 R2 MS STIG Benchmark - Ver 2, Rel 19
GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Microsoft Windows 2012 and 2012 R2 DC - Ver 2, Rel 21
Standalone XCCDF 1.1.4 - Microsoft Windows 2012 and 2012 R2 MS - Ver 2, Rel 19
Microsoft Project 2016 STIG (Version 1, Release 2) Microsoft Project 2016
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Project 2016 STIG - Ver 1, Rel 1
Windows 8/8.1 STIG (Version 1, Release 23) Microsoft Windows 8 x64 (64-bit)
Microsoft Windows 8 x86 (32-bit)
Microsoft Windows 8.1 (x64)
Microsoft Windows 8.1 (x86)
Defense Information Systems Agency
10/29/2020 SCAP 1.2 Content - Sunset - Microsoft Windows 8/8.1 STIG Benchmark - Ver 1, Rel 22
GPOs - Group Policy Objects (GPOs) - October 2020
Standalone XCCDF 1.1.4 - Sunset - Microsoft Windows 8/8.1 STIG - Ver 1, Rel 23
Word 2013 STIG (Version 1, Release 6) Microsoft Word 2013
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Word 2013 STIG - Ver 1, Rel 6
Microsoft PowerPoint 2016 STIG (Version 1, Release 2) Microsoft PowerPoint 2016
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft PowerPoint 2016 STIG - Ver 1, Rel 1
Sharepoint Designer 2013 STIG (Version 1, Release 3) Microsoft SharePoint Designer 2013
Defense Information Systems Agency
10/29/2020 Standalone XCCDF 1.1.4 - Microsoft Sharepoint Designer 2013 STIG - Ver 1, Rel 3
* This checklist is still undergoing review for inclusion into the NCP.