National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 518 matching records. Displaying matches 81 through 100.

Name (Version) Target Authority Last Modified Resources
Adobe Acrobat Pro DC Continuous Track STIG (Ver 1, Rel 2) Adobe Acrobat Pro DC Continuous Track
Defense Information Systems Agency
04/27/2020 GPOs - Group Policy Objects (GPOs) - April 2020
Standalone XCCDF 1.1.4 - Adobe Acrobat Pro DC Continuous Track STIG - Ver 1, Rel 2
Microsoft Office System 2016 STIG (Version 1, Release 1) Microsoft Office 2016
Defense Information Systems Agency
04/27/2020 GPOs - Group Policy Objects (GPOs) - April 2020
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 1, Rel 1
Microsoft Office System 2013 STIG (Version 1, Release 9) Office System 2013
Defense Information Systems Agency
04/27/2020 GPOs - Group Policy Objects (GPOs) - April 2020
Standalone XCCDF 1.1.4 - Microsoft Office System 2013 STIG - Ver 1, Rel 9
Windows Firewall STIG (Version 1, Release 2) Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Vista Firewall
Defense Information Systems Agency
12/12/2019 GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Windows Firewall STIG Version 1, Release 2
DoD - Microsoft Office 2010 Settings (21April2011) Microsoft Office 2010
Department of Defense
03/12/2020 GPOs - Microsoft Office 2010 Version 1.0 - DRAFT Office 2010 GPO
Prose - Microsoft Office 2010 - DoD Master Office 2010 Settings
Cisco IOS Router STIG (Version 1, Release 3) Cisco IOS
Defense Information Systems Agency
06/25/2020 Machine-Readable Format - Cisco IOS XE Router NDM and RTR STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Cisco IOS-XE Router STIG
Standalone XCCDF 1.1.4 - Cisco IOS-XR Router STIG
Standalone XCCDF 1.1.4 - Cisco IOS Router STIG
Docker Enterprise 2.x Linux/UNIX STIG (Ver 1 Rel 1) Docker Enterprise 2.0.0
Defense Information Systems Agency
06/23/2020 Machine-Readable Format - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Docker Enterprise 2.x Linux/UNIX STIG - Ver 1 Rel 1
NIST SP 800-179 (1.0) Apple OS X 10.10
NIST, Computer Security Division
03/01/2018 Machine-Readable Format - GitHub repository for Apple OS X 10.10 Baselines
Prose - The landing page for the NIST SP 800-179 Checklist.
Google Chrome v24 Windows STIG (Version 1, Release 1) Google Chrome 24.0.1272.0
Defense Information Systems Agency
04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v24 Windows STIG Version 1, Release 1
Google Chrome v23 Windows STIG (Version 1, Release 2) Google Chrome 23.0.1271.0
Defense Information Systems Agency
04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat
12/04/2017 Machine-Readable Format - SCAP Datastream
Android 2.2 (Dell) (Version 1, Release 2) Google Android 2.2
Defense Information Systems Agency
09/11/2019 Machine-Readable Format - Sunset - Android 2.2 (DELL) STIG - Ver 1, Rel 2
Vanguard DB2 z/OS RACF Checklist (6.1) IBM DB2 8.1
IBM OS390
IBM RACF
IBM Z/OS Version 1, Release 9
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM z/OS Version 2, Release 1
IBM z/OS Version 2.1
Vanguard Integrity Professionals, Inc.
09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
VMware vSphere 6.5 STIG (Ver 1, Rel 4) VMware vSphere 6.5
Defense Information Systems Agency
06/25/2020 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - VMware vSphere 6.5 STIG
OpenShift 3.x on Azure for Government (FedRAMP Moderate) (v1) Red Hat OpenShift Container Platform 3.10
Red Hat OpenShift Container Platform 3.11
Red Hat OpenShift Container Platform 3.5
Red Hat OpenShift Container Platform 3.6
Red Hat OpenShift Container Platform 3.7
Red Hat OpenShift Container Platform 3.8
Red Hat OpenShift Container Platform 3.9
Red Hat
05/12/2020 Security Template - OpenShift Container Platform 3.x on Azure for Government, FedRAMP Moderate SSP Template
Security Template - Ansible Playbooks supporting the creation of either a multi-node full HA production cluster or a single node designed for exploration of OpenShift on Azure.
Prose - Deploying Red Hat OpenShift Container Platform 3 on Microsoft Azure
FedRAMP Moderate for Red Hat OpenStack Platform 13 (v1) Red Hat OpenStack Platform 13.0
Red Hat
05/12/2020 Security Template - FedRAMP Moderate Template SSP for Red Hat OpenStack Platform 13
Security Template - NIST 800-53 Control Applicability Guide for Red Hat OpenStack Platform 13
FedRAMP Low for Red Hat Ansible Tower 3.2.x (v1) Red Hat Ansible Tower 3.2.0
Red Hat Ansible Tower 3.2.1
Red Hat Ansible Tower 3.2.2
Red Hat Ansible Tower 3.2.3
Red Hat Ansible Tower 3.2.4
Red Hat Ansible Tower 3.2.5
Red Hat Ansible Tower 3.2.6
Red Hat
05/15/2020 Security Template - FedRAMP Template for Red Hat Ansible Tower 3.x
Security Template - NIST 800-53 Control Applicability Guide for Red Hat Ansible Tower 3.2.x
Prose - Section 508 Voluntary Product Accessibility Template (VPAT) and Web Content Accessibility Guidelines (WCAG) 2.0 for Ansible Tower
NIST SP 800-43 (Update R1.2.3) Microsoft Windows 2000
NIST, Computer Security Division
09/12/2014 Security Template - The security template for the checklist entitled NIST 800-43.
Standalone XCCDF 1.1.4 - The XCCDF representation of the checklist entitled NIST SP 800-43.
Prose - The landing page for the NIST SP 800-43 checklist.
A10 Networks Application Delivery Controller (ADC) (Version 1) A10 Networks Application Delivery Controller
Defense Information Systems Agency
06/04/2019 Standalone XCCDF 1.1.4 - A10 Networks Application Delivery Controller (ADC) ALG STIG Ver 1
Standalone XCCDF 1.1.4 - A10 Networks Application Delivery Controller (ADC) NDM STIG Ver 1
Active Directory Domain STIG (Ver 2, Rel 13) Microsoft Active Directory
Defense Information Systems Agency
06/04/2019 Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 2, Rel 13
* This checklist is still undergoing review for inclusion into the NCP.