National Checklist Program
The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.
NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards based security tools to automatically perform configuration checking using NCP checklists.
NCP Resources:
- Subscribe to NCP Mailing List
- Frequently Asked Questions: General Information
- Frequently Asked Questions: For Vendors and Checklist Developers
- NIST Special Publication 800-70 Download Page
- NCP Control Mapping to Checklist
- Contact NCP
USGCB and FDCC
The NCP contains checklists and pointers to tools for performing configuration checking of systems implementing United States Government Configuration Baselines (USGCB) and Federal Desktop Core Configuration settings using the Security Content Automation Protocol (SCAP). USGCB and FDCC Checklists are available here (to be used with SCAP validated tools).