National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 559 matching records. Displaying matches 101 through 120.


Name (Version) Target Product Category Authority Last Modified Resources
Microsoft Security Compliance Manager - Windows Server 2012 (1.0) Microsoft Windows Server 2012 R2 Microsoft Corporation 09/21/2018 SCAP 1.0 Content - Microsoft Windows Server 2012 AD Certificate Services Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 DHCP Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 DNS Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Domain Controller Security Compliance (generated from Microsoft SCM)
SCAP 1.0 Content - Microsoft Windows Server 2012 Domain Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 File Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Hyper-V Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Member Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Network Access Services Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Print Server Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Remote Access Services Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Remote Desktop Services Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 Web Server Security Compliance (generated from Microsoft Security Compliance Manager).
Microsoft Security Compliance Manager - Windows Server 2012 R2 (1.0) Microsoft Windows Server 2012 R2 Microsoft Corporation 09/12/2018 SCAP 1.0 Content - Microsoft Windows Server 2012 R2 Domain Controler Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 R2 Domain Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2012 R2 Member Server Security Compliance (generated from Microsoft Security Compliance Manager).
Microsoft Security and Compliance Manager - Windows Server 2016 (1.0) Microsoft Windows Server 2016 Microsoft Corporation 09/12/2018 SCAP 1.0 Content - Microsoft Windows Server 2016 Domain Controller Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2016 Domain Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Server 2016 Member Server Security Compliance (generated from Microsoft Security Compliance Manager).
GPOs - Windows 10 1607 Security Baseline
Microsoft Security Compliance Manager - Windows Vista SP2 (1.0) Microsoft Windows Vista Service Pack 2 Operating System Microsoft Corporation 09/24/2018 SCAP 1.0 Content - Microsoft Windows Vista SP2 Computer Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows Vista SP2 Domain Security Compliance (generated from Microsoft Security Compliance Manager).
Microsoft Security Compliance Manager - Windows XP SP3 (1.0) Microsoft Windows XP Service Pack 3 Operating System Microsoft Corporation 09/24/2018 SCAP 1.0 Content - Microsoft Windows XP SP3 Domain Security Compliance (generated from Microsoft Security Compliance Manager).
SCAP 1.0 Content - Microsoft Windows XP SP3 Computer Security Compliance (generated from Microsoft Security Compliance Manager).
Windows 2000 Security Checklist (Version 6, Release 1.19) Microsoft Windows 2000 Operating System Defense Information Systems Agency 01/04/2015 SCAP 1.0 Content - Windows 2000 Security Checklist
Windows XP STIG (Version 6, Release 1.34) Microsoft Windows XP Operating System Defense Information Systems Agency 08/15/2017 SCAP 1.0 Content - Windows XP STIG Benchmark Version 6, Release 1.34
Standalone XCCDF 1.1.4 - Windows XP STIG - Version 6, Release 1.32
NIST National Checklist for Red Hat Enterprise Linux 7.x (content v0.1.43) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat Enterprise Linux 7.4
Red Hat Enterprise Linux 7.5
Red Hat Enterprise Linux 7.6
Red Hat 03/04/2019 Ansible Playbook - CIA Commercial Cloud Services (CIA C2S)
Ansible Playbook - DISA STIG
Ansible Playbook - FBI Criminal Justice Information Services (FBI CJIS)
Ansible Playbook - Health Insurance Portability and Accountability Act (HIPAA)
Ansible Playbook - NIST 800-171 (Controlled Unclassified Information)
Ansible Playbook - NIST National Checklist for Red Hat Enterprise Linux 7.x
Ansible Playbook - PCI-DSS
Machine-Readable Format - NIST National Checklist for Red Hat Enterprise Linux 7.x with SCAP 1.2 Datastream and OVAL 5.10
Machine-Readable Format - NIST National Checklist for Red Hat Enterprise Linux 7.x with SCAP 1.3 Datastream and OVAL 5.11 (recommended)
Adobe Acrobat Pro DC Classic Track STIG (Ver 1, Rel 1) Adobe Acrobat Pro DC Classic Track Defense Information Systems Agency 03/08/2019 GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Adobe Acrobat Pro DC Classic Track STIG - Ver 1, Rel 1
Adobe Acrobat Pro DC Continuous Track STIG (Ver 1, Rel 1) Adobe Acrobat Pro DC Continuous Track Defense Information Systems Agency 03/08/2019 GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Adobe Acrobat Pro DC Continuous Track STIG - Ver 1, Rel 1
Windows Firewall STIG (Version 1, Release 2) Microsoft Windows Vista Firewall
Microsoft Windows Vista
Microsoft Windows Server 2008
Firewall
Operating System
Defense Information Systems Agency 03/08/2019 GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Windows Firewall STIG Version 1, Release 2
DoD - Microsoft Office 2010 Settings (21April2011) Microsoft Office 2010 Office Suite Department of Defense 09/23/2013 GPOs - Microsoft Office 2010 Version 1.0 - DRAFT Office 2010 GPO
Prose - Microsoft Office 2010 - DoD Master Office 2010 Settings
Android 2.2 (Dell) (Version 1, Release 1) Google Android 2.2 Operating System
Handheld Device
Defense Information Systems Agency 08/15/2017 Machine-Readable Format - Checklist Details for Android 2.2 (Dell) Version 1, Release 1
CIS Microsoft SQL Server 2014 Benchmark (1.1.0) Microsoft SQL Server 2014 Database Management System Center for Internet Security (CIS) 12/01/2015 Machine-Readable Format - CIS Microsoft SQL Server 2014 Benchmark v1.1.0
NIST SP 800-179 (1.0) Apple OS X 10.10 NIST, Computer Security Division 03/01/2018 Machine-Readable Format - GitHub repository for Apple OS X 10.10 Baselines
Prose - The landing page for the NIST SP 800-179 Checklist.
Google Chrome v24 Windows STIG (Version 1, Release 1) Google Chrome 24.0.1272.0 Web Browser Defense Information Systems Agency 08/15/2017 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v24 Windows STIG Version 1, Release 1
Google Chrome v23 Windows STIG (Version 1, Release 2) Google Chrome 23.0.1271.0 Web Browser Defense Information Systems Agency 08/15/2017 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
NIST National Checklist for Red Hat OpenShift 3.x (content v0.1.43) Red Hat OpenShift Container Platform 3.5
Red Hat OpenShift Container Platform 3.6
Red Hat OpenShift Container Platform 3.7
Red Hat OpenShift Container Platform 3.8
Red Hat OpenShift Container Platform 3.9
Red Hat OpenShift Container Platform 3.10
Red Hat OpenShift Container Platform 3.11
Red Hat 03/19/2019 Machine-Readable Format - NIST National Checklist for Red Hat Enterprise Linux 7.x with SCAP 1.2 Datastream and OVAL 5.10
Machine-Readable Format - NIST National Checklist for Red Hat Enterprise Linux 7.x with SCAP 1.3 Datastream and OVAL 5.11 (recommended)
Security Template - NIST 800-53/FISMA Applicability Guide for OpenShift 3.x
Prose - OpenShift Security Guide (HTML)
FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat 12/04/2017 Machine-Readable Format - SCAP Datastream
Vanguard DB2 z/OS RACF Checklist (6.1) IBM OS390
IBM DB2 8.1
IBM RACF
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM Z/OS Version 1, Release 9
IBM z/OS Version 2.1
IBM z/OS Version 2, Release 1
Operating System
Database Management System
Security Server
Vanguard Integrity Professionals, Inc. 09/07/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
* This checklist is still undergoing review for inclusion into the NCP.