National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 514 matching records. Displaying matches 101 through 120.


Name (Version) Target Authority Last Modified Resources
Microsoft Project 2016 STIG (Version 1, Release 1) Microsoft Project 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft Project 2016 STIG - Ver 1, Rel 1
Microsoft Publisher 2016 STIG (Version 1, Release 3) Microsoft Publisher 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft Publisher 2016 STIG - Ver 1, Rel 3
Microsoft Skype for Business 2016 STIG (Version 1, Release 1) Microsoft Skype for Business 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft Skype for Business 2016 STIG - Ver 1, Rel 1
Microsoft Visio 2016 STIG (Version 1, Release 1) Microsoft Visio 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft Visio 2016 STIG - Ver 1, Rel 1
Microsoft Word 2016 STIG (Version 1, Release 1) Microsoft Word 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft Word 2016 STIG - Ver 1, Rel 1
Microsoft One Drive for Business 2016 STIG (Version 1, Release 2) Microsoft One Drive for Business 2016 Defense Information Systems Agency 08/30/2019 GPOs - Group Policy objects (GPOs) - July 2019
Standalone XCCDF 1.1.4 - Microsoft One Drive for Business 2016 STIG - Ver 1, Rel 2
DoD - Microsoft Office 2010 Settings (21April2011) Microsoft Office 2010 Department of Defense 09/23/2013 GPOs - Microsoft Office 2010 Version 1.0 - DRAFT Office 2010 GPO
Prose - Microsoft Office 2010 - DoD Master Office 2010 Settings
NIST SP 800-179 (1.0) Apple OS X 10.10 NIST, Computer Security Division 03/01/2018 Machine-Readable Format - GitHub repository for Apple OS X 10.10 Baselines
Prose - The landing page for the NIST SP 800-179 Checklist.
Google Chrome v24 Windows STIG (Version 1, Release 1) Google Chrome 24.0.1272.0 Defense Information Systems Agency 04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v24 Windows STIG Version 1, Release 1
Google Chrome v23 Windows STIG (Version 1, Release 2) Google Chrome 23.0.1271.0 Defense Information Systems Agency 04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat 12/04/2017 Machine-Readable Format - SCAP Datastream
Android 2.2 (Dell) (Version 1, Release 2) Google Android 2.2 Defense Information Systems Agency 09/11/2019 Machine-Readable Format - Sunset - Android 2.2 (DELL) STIG - Ver 1, Rel 2
Vanguard DB2 z/OS RACF Checklist (6.1) IBM OS390
IBM DB2 8.1
IBM RACF
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM Z/OS Version 1, Release 9
IBM z/OS Version 2.1
IBM z/OS Version 2, Release 1
Vanguard Integrity Professionals, Inc. 09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
OpenShift 3.x on Azure for Government (FedRAMP Moderate) (v1) Red Hat OpenShift Container Platform 3.5
Red Hat OpenShift Container Platform 3.6
Red Hat OpenShift Container Platform 3.7
Red Hat OpenShift Container Platform 3.8
Red Hat OpenShift Container Platform 3.9
Red Hat OpenShift Container Platform 3.10
Red Hat OpenShift Container Platform 3.11
Red Hat 10/18/2018 Security Template - Ansible Playbooks supporting the creation of either a multi-node full HA production cluster or a single node designed for exploration of OpenShift on Azure.
Security Template - OpenShift Container Platform 3.x on Azure for Government, FedRAMP Moderate SSP Template
Prose - Deploying Red Hat OpenShift Container Platform 3 on Microsoft Azure
FedRAMP Moderate for Red Hat OpenStack Platform 13 (v1) Red Hat OpenStack Platform 13.0 Red Hat 10/03/2018 Security Template - FedRAMP Moderate Template SSP for Red Hat OpenStack Platform 13
Security Template - NIST 800-53 Control Applicability Guide for Red Hat OpenStack Platform 13
FedRAMP Low for Red Hat Ansible Tower 3.2.x (v1) Red Hat Ansible Tower 3.2.6
Red Hat Ansible Tower 3.2.5
Red Hat Ansible Tower 3.2.4
Red Hat Ansible Tower 3.2.3
Red Hat Ansible Tower 3.2.2
Red Hat Ansible Tower 3.2.1
Red Hat Ansible Tower 3.2.0
Red Hat 11/19/2018 Security Template - FedRAMP Template for Red Hat Ansible Tower 3.x
Security Template - NIST 800-53 Control Applicability Guide for Red Hat Ansible Tower 3.2.x
Prose - Section 508 Voluntary Product Accessibility Template (VPAT) and Web Content Accessibility Guidelines (WCAG) 2.0 for Ansible Tower
NIST SP 800-43 (Update R1.2.3) Microsoft Windows 2000 NIST, Computer Security Division 09/12/2014 Security Template - The security template for the checklist entitled NIST 800-43.
Standalone XCCDF 1.1.4 - The XCCDF representation of the checklist entitled NIST SP 800-43.
Prose - The landing page for the NIST SP 800-43 checklist.
A10 Networks Application Delivery Controller (ADC) (Version 1) A10 Networks Application Delivery Controller Defense Information Systems Agency 06/04/2019 Standalone XCCDF 1.1.4 - A10 Networks Application Delivery Controller (ADC) ALG STIG Ver 1
Standalone XCCDF 1.1.4 - A10 Networks Application Delivery Controller (ADC) NDM STIG Ver 1
Active Directory Domain STIG (Ver 2, Rel 13) Microsoft Active Directory Defense Information Systems Agency 06/04/2019 Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 2, Rel 13
Active Directory Forest STIG (Ver 2, Rel 8) Microsoft Active Directory Defense Information Systems Agency 06/04/2019 Standalone XCCDF 1.1.4 - Active Directory Forest STIG - Ver 2, Rel 8
* This checklist is still undergoing review for inclusion into the NCP.