Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 552
matching records. Displaying matches 1 through 20.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Red Hat 7 STIG (Ver 3, Rel 4) |
Red Hat Enterprise Linux 7.0
|
Defense Information Systems Agency
|
07/30/2021 |
SCAP 1.2 Content - RHEL 7 STIG Benchmark - Ver 3, Rel 4
Automated Content - SCC 5.4.1 RHEL 6 i686
Automated Content - SCC 5.4.1 RHEL 6 x86 64
Automated Content - SCC 5.4.1 RHEL 7/Oracle Linux 7/SLES12 x86 64
Automated Content - SCC 5.4.1 RHEL 8 x86 64
Machine-Readable Format - Red Hat Enterprise Linux 7 STIG for Ansible - Ver 3, Rel 4
Machine-Readable Format - Red Hat Enterprise Linux 7 STIG for Chef - Ver 3, Rel 4
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 7 STIG - Ver 3, Rel 4
|
| Palo Alto Networks Intrusion Detection and Prevention System (IDPS) STIG (Version 2, Release 1) |
Palo Alto Networks Intrusion Detection and Prevention System
|
Defense Information Systems Agency
|
07/30/2021 |
Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
|
| IBM AIX 7.X STIG (Ver 2, Rel 3) |
IBM AIX 7.1
IBM AIX 7.2
|
Defense Information Systems Agency
|
07/30/2021 |
Standalone XCCDF 1.1.4 - IBM AIX 7.x STIG - Ver 2, Rel 3
|
| PostgreSQL 9.x STIG (Ver 2, Rel 2) |
PostgreSQL 9.x
|
Defense Information Systems Agency
|
07/30/2021 |
Standalone XCCDF 1.1.4 - PostgresSQL 9.x STIG - Ver 2, Rel 2
|
| Palo Alto Networks Network Device Management (NDM) STIG (Ver 2, Rel 1) |
Palo Alto Networks Network Device Management (NDM)
|
Defense Information Systems Agency
|
07/30/2021 |
Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
|
| Palo Alto Networks Application Layer Gateway (ALG) STIG (Version 2, Release 1) |
Palo Alto Networks Application Layer Gateway (ALG)
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
|
| Microsoft SQL Server 2016 STIG (Ver 2, Rel 1) |
Microsoft SQL Server 2016
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft SQL Server 2016 STIG
|
| Adobe Acrobat Professional DC Continuous Track STIG (Ver 2, Rel 1) |
Adobe Acrobat Pro DC Continuous Track
|
Defense Information Systems Agency
|
07/29/2021 |
GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Adobe Acrobat Professional DC Continuous Track STIG - Ver 2, Rel 1
|
| Microsoft Office System 2016 STIG (Version 2, Release 1) |
Microsoft Office 2016
|
Defense Information Systems Agency
|
07/29/2021 |
GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 2, Rel 1
|
| Apple OS X 10.15 STIG (Ver 1, Rel 5) |
Apple OS X 10.15
|
Defense Information Systems Agency
|
07/29/2021 |
Automated Content - SCC 5.4.1 Mac OS X x86 64
Standalone XCCDF 1.1.4 - Apple OS X 10.15 STIG - Ver 1, Rel 5
|
| Kubernetes STIG (Ver 1, Rel 2) |
Kubernetes
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Kubernetes STIG - Ver 1, Rel 2
|
| Microsoft SQL Server 2014 STIG (Version 1, Release 1) |
Microsoft SQL Server 2014
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft SQL Server 2014 STIG
|
| Red Hat Jboss Enterprise Application Platform (EAP) 6.3 STIG (Ver 2, Rel 2) |
Red Hat JBoss Enterprise Application Platform 6.3.0
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG - Ver 2, Rel 2
|
| Microsoft Edge STIG (Ver 1, Rel 2) |
Microsoft Edge
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft Edge STIG - Ver 1, Rel 2
|
| Microsoft IIS 8.5 STIG (Ver 2, Rel 1) |
IIS 8.5
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft IIS 8.5 STIG
|
| Apache Tomcat Application Server 9 STIG (Ver 2, Rel 3) |
Apache Tomcat 9.0
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Apache Tomcat Application Sever 9 STIG - Ver 2, Rel 3
|
| Cisco IOS Switch STIG (Ver 1, Rel 1) |
Cisco IOS
Cisco IOS XE
Cisco NX-OS
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Cisco IOS Switch STIG
Standalone XCCDF 1.1.4 - Cisco IOS-XE Switch STIG
Standalone XCCDF 1.1.4 - Cisco NX-OS Switch STIG
|
| Microsoft Office 365 ProPlus STIG (Ver 2, Rel 3) |
Microsoft Office 365 ProPlus
|
Defense Information Systems Agency
|
07/29/2021 |
GPOs - Group Policy Objects (GPOs) - April 2021
Standalone XCCDF 1.1.4 - Microsoft Office 365 ProPlus STIG - Ver 2, Rel 3
|
| Microsoft IIS 10.0 STIG (Ver 2, Rel 1) |
Microsoft IIS 10
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft IIS 10.0 STIG
|
| Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 3) |
Microsoft Windows Server 2012 R2
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 3
|
* This checklist is still undergoing review for
inclusion into the NCP.
