Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 855
matching records. Displaying matches 1 through 20.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Apple macOS 26 (Tahoe) STIG (Ver 1, Rel 1) |
Apple macOS (Tahoe) 26.0.0
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Apple macOS 26 (Tahoe) STIG - Ver 1, Rel 1
|
| Apple vision OS 2 (Y25M09) |
Apple VisionOS 2.0
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Apple vision OS 2
|
| Red Hat Enterprise Linux 7 STIG (Ver 3, Rel 15) |
Red Hat Enterprise Linux 7.0
|
Defense Information Systems Agency
|
12/17/2025 |
SCAP 1.3 Content - Sunset - Red Hat Enterprise Linux 7 STIG Benchmark - Ver 3, Rel 15
Automated Content - SCC 5.12.1 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64
Automated Content - SCC 5.12.1 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.12.1 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.12.1 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.12.1 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG for Ansible - Ver 3, Rel 14
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG - Ver 3, Rel 15
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG for Chef - Ver 3, Rel 8
|
| Cisco IOS XE Router STIG (Y25M10) |
Cisco IOS XE
|
Defense Information Systems Agency
|
12/17/2025 |
SCAP 1.3 Content - Cisco IOS XE Router NDM STIG SCAP Benchmark - Ver 3, Rel 4
SCAP 1.3 Content - Cisco IOS XE Router RTR STIG SCAP Benchmark - Ver 3, Rel 4
Automated Content - SCC 5.12.1 Windows
Automated Content - SCC 5.12.1 MacOS ARM64
Automated Content - SCC 5.12.1 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64
Automated Content - SCC 5.12.1 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.12.1 RHEL 9/Oracle Linux 9 x86 64
Automated Content - SCC 5.12.1 Solaris 11 i386
Automated Content - SCC 5.12.1 Solaris 11 SPARC
Automated Content - SCC 5.12.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.12.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.12.1 Ubuntu 22/24 AMD64
Automated Content - SCC 5.12.1 Ubuntu 22/24 ARM64
Standalone XCCDF 1.1.4 - Cisco IOS XE Router STIG
Standalone XCCDF 1.1.4 - Cisco IOS XE Router NDM RTR STIG for Ansible - Ver 2, Rel 3
|
| Samsung Android 13 with Knox 3.x STIG (Y25M01) |
Google Android 13
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Sunset - Samsung Android OS 13 with Knox 3.x STIG
|
| Akamai KSD Service IL2 STIG (Version 1) |
Akamai Kona Site Defender Service Impact Level 2
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 ALG STIG Version 1
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 NDM STIG Version 1
|
| Microsoft Windows Server 2019 (Ver 3, Rel 6) |
Microsoft Windows Server 2019
|
Defense Information Systems Agency
|
12/17/2025 |
SCAP 1.3 Content - Microsoft Windows Server 2019 STIG SCAP Benchmark - Ver 3, Rel 6
Automated Content - SCC 5.12.1 Windows
GPOs - Group Policy Objects (GPOs) - October 2025
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2019 STIG for Chef - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Rev. 4 Sunset - Microsoft Windows Server 2019 STIG - Ver 2, Rel 9
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2019 STIG - Ver 3, Rel 6
|
| HYCU Protg STIG (Ver 1, Rel 1) |
HYCU Protoge
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - HYCU Protg STIG - Ver 1, Rel 1
|
| Google Android 13 BYOAD STIG (Y25M10) |
Google Android 13
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Sunset - Google Android 13 BYOAD STIG
|
| Red Hat OpenShift Container Platform 4.12 STIG (Ver 2, Rel 4) |
Red Hat OpenShift Container Platform 4.12
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Rev. 4 Sunset - Red Hat OpenShift Container Platform 4.12 STIG - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Red Hat OpenShift Container Platform 4.x STIG - Ver 2, Rel 4
|
| Rancher Government Solutions RKE2 STIG (Ver 2, Rel 4) |
Rancher RKE2
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Rancher Government Solutions RKE2 STIG - Ver 2, Rel 4
|
| Canonical Ubuntu 20.04 LTS STIG (Ver 2, Rel 5) |
Canonical Ubuntu 20.04 LTS
|
Defense Information Systems Agency
|
12/17/2025 |
SCAP 1.3 Content - Sunset - Canonical Ubuntu 20.04 LTS STIG SCAP Benchmark - Ver 2, Rel 5
Automated Content - SCC 5.12.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.12.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.12.1 Ubuntu 22/24 AMD64
Automated Content - SCC 5.12.1 Ubuntu 22/24 ARM64
Standalone XCCDF 1.1.4 - Canonical Ubuntu 20.04 LTS STIG for Ansible - Ver 1, Rel 11
Standalone XCCDF 1.1.4 - Sunset - Canonical Ubuntu 20.04 LTS STIG - Ver 2, Rel 4
|
| Microsoft Visio 2016 STIG (Version 1, Release 1) |
Microsoft Visio 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
|
| Microsoft Office System 2016 STIG (Version 2, Release 4) |
Microsoft Office 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 2, Rel 4
|
| Microsoft Windows Defender Antivirus STIG (Ver 2, Rel 6) |
Microsoft Windows Defender
|
Defense Information Systems Agency
|
12/17/2025 |
SCAP 1.3 Content - Microsoft Defender Antivirus STIG SCAP Benchmark - Ver 2, Rel 6
Automated Content - SCC 5.12.1 Windows
GPOs - Group Policy Objects (GPOs) - October 2025
Intune Policies - Intune Policy - October 2025
Standalone XCCDF 1.1.4 - Microsoft Defender Antivirus STIG - Ver 2, Rel 6
|
| Microsoft Word 2016 STIG (Version 1, Release 1) |
Microsoft Word 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
|
| Microsoft Project 2016 STIG (Version 1, Release 1) |
Microsoft Project 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
|
| Oracle Database 19c STIG (Ver 1, Rel 3) |
Oracle Database 19c
|
Defense Information Systems Agency
|
12/17/2025 |
Standalone XCCDF 1.1.4 - Oracle Database 19c STIG - Ver 1, Rel 3
|
| Microsoft OneNote 2016 STIG (Version 1, Release 2) |
Microsoft OneNote 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
|
| Microsoft Outlook 2016 STIG (Version 2, Release 3) |
Microsoft Outlook 2016
|
Defense Information Systems Agency
|
12/17/2025 |
GPOs - Group Policy Objects (GPOs) - October 2025
Standalone XCCDF 1.1.4 - Microsoft Outlook 2016 STIG - Ver 2, Rel 3
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
