Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 552 matching records. Displaying matches 1 through 20.

Name (Version) Target Authority Last Modified Resources
Red Hat 7 STIG (Ver 3, Rel 4) Red Hat Enterprise Linux 7.0
Defense Information Systems Agency
07/30/2021 SCAP 1.2 Content - RHEL 7 STIG Benchmark - Ver 3, Rel 4
Automated Content - SCC 5.4.1 RHEL 6 i686
Automated Content - SCC 5.4.1 RHEL 6 x86 64
Automated Content - SCC 5.4.1 RHEL 7/Oracle Linux 7/SLES12 x86 64
Automated Content - SCC 5.4.1 RHEL 8 x86 64
Machine-Readable Format - Red Hat Enterprise Linux 7 STIG for Ansible - Ver 3, Rel 4
Machine-Readable Format - Red Hat Enterprise Linux 7 STIG for Chef - Ver 3, Rel 4
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 7 STIG - Ver 3, Rel 4
Palo Alto Networks Intrusion Detection and Prevention System (IDPS) STIG (Version 2, Release 1) Palo Alto Networks Intrusion Detection and Prevention System
Defense Information Systems Agency
07/30/2021 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
IBM AIX 7.X STIG (Ver 2, Rel 3) IBM AIX 7.1
IBM AIX 7.2
Defense Information Systems Agency
07/30/2021 Standalone XCCDF 1.1.4 - IBM AIX 7.x STIG - Ver 2, Rel 3
PostgreSQL 9.x STIG (Ver 2, Rel 2) PostgreSQL 9.x
Defense Information Systems Agency
07/30/2021 Standalone XCCDF 1.1.4 - PostgresSQL 9.x STIG - Ver 2, Rel 2
Palo Alto Networks Network Device Management (NDM) STIG (Ver 2, Rel 1) Palo Alto Networks Network Device Management (NDM)
Defense Information Systems Agency
07/30/2021 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Palo Alto Networks Application Layer Gateway (ALG) STIG (Version 2, Release 1) Palo Alto Networks Application Layer Gateway (ALG)
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Microsoft SQL Server 2016 STIG (Ver 2, Rel 1) Microsoft SQL Server 2016
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft SQL Server 2016 STIG
Adobe Acrobat Professional DC Continuous Track STIG (Ver 2, Rel 1) Adobe Acrobat Pro DC Continuous Track
Defense Information Systems Agency
07/29/2021 GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Adobe Acrobat Professional DC Continuous Track STIG - Ver 2, Rel 1
Microsoft Office System 2016 STIG (Version 2, Release 1) Microsoft Office 2016
Defense Information Systems Agency
07/29/2021 GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 2, Rel 1
Apple OS X 10.15 STIG (Ver 1, Rel 5) Apple OS X 10.15
Defense Information Systems Agency
07/29/2021 Automated Content - SCC 5.4.1 Mac OS X x86 64
Standalone XCCDF 1.1.4 - Apple OS X 10.15 STIG - Ver 1, Rel 5
Kubernetes STIG (Ver 1, Rel 2) Kubernetes
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Kubernetes STIG - Ver 1, Rel 2
Microsoft SQL Server 2014 STIG (Version 1, Release 1) Microsoft SQL Server 2014
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft SQL Server 2014 STIG
Red Hat Jboss Enterprise Application Platform (EAP) 6.3 STIG (Ver 2, Rel 2) Red Hat JBoss Enterprise Application Platform 6.3.0
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG - Ver 2, Rel 2
Microsoft Edge STIG (Ver 1, Rel 2) Microsoft Edge
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft Edge STIG - Ver 1, Rel 2
Microsoft IIS 8.5 STIG (Ver 2, Rel 1) IIS 8.5
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft IIS 8.5 STIG
Apache Tomcat Application Server 9 STIG (Ver 2, Rel 3) Apache Tomcat 9.0
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Apache Tomcat Application Sever 9 STIG - Ver 2, Rel 3
Cisco IOS Switch STIG (Ver 1, Rel 1) Cisco IOS
Cisco IOS XE
Cisco NX-OS
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Cisco IOS Switch STIG
Standalone XCCDF 1.1.4 - Cisco IOS-XE Switch STIG
Standalone XCCDF 1.1.4 - Cisco NX-OS Switch STIG
Microsoft Office 365 ProPlus STIG (Ver 2, Rel 3) Microsoft Office 365 ProPlus
Defense Information Systems Agency
07/29/2021 GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Microsoft Office 365 ProPlus STIG - Ver 2, Rel 3
Microsoft IIS 10.0 STIG (Ver 2, Rel 1) Microsoft IIS 10
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft IIS 10.0 STIG
Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 3) Microsoft Windows Server 2012 R2
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 3
* This checklist is still undergoing review for inclusion into the NCP.