NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

Checklist Type:

Authority:

Target:

Order By:

Content Type:

Tool Compatibility:

Keyword:

There are 828 matching records. Displaying matches 1 through 20.

Name (Version)	Target	Authority	Last Modified	Resources
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.62-93)	IBM z/OS Version 2, Release 5	Vanguard Integrity Professionals, Inc.	04/21/2025	ZIP - Vanguard z/OS RACF Checklist 6.62/93 PDF version ZIP - Vanguard z/OS RACF Checklist 6.62/93 XML version
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.62-92)	IBM z/OS Version 2, Release 4 IBM z/OS Version 2, Release 5	Vanguard Integrity Professionals, Inc.	04/21/2025	ZIP - Vanguard z/OS RACF Checklist 6.62/92 PDF version ZIP - Vanguard z/OS RACF Checklist 6.62/92 XML version
CIS Microsoft Azure Foundations Benchmark (4.0.0)	Microsoft Azure	Center for Internet Security (CIS)	04/21/2025	Prose - CIS Microsoft Azure Foundations Benchmark v4.0.0
Google Android 15 STIG (Y25M01)	Google Android 15	Defense Information Systems Agency	04/21/2025	Standalone XCCDF 1.1.4 - Google Android 15 STIG
CIS Apple macOS 12.0 Monterey Benchmark (3.0.0)	Apple macOS 12.0 (Monterey)	Center for Internet Security (CIS)	04/17/2025	Prose - CIS Apple macOS 12.0 Monterey Benchmark v3.0.0
Microsoft .NET Framework 4 (Version 2, Release 6)	Microsoft .NET Framework 4.0	Defense Information Systems Agency	04/16/2025	SCAP 1.3 Content - Microsoft DotNet Framework 4.0 STIG SCAP Benchmark - Ver 2, Rel 6 Automated Content - SCC 5.10.2 Windows Standalone XCCDF 1.1.4 - Microsoft DotNet Framework 4.0 STIG - Ver 2, Rel 6
CIS Oracle Cloud Infrastructure Foundations Benchmark (3.0.0)	Oracle Cloud Infrastructure	Center for Internet Security (CIS)	04/16/2025	Prose - CIS Oracle Cloud Infrastructure Foundations Benchmark v3.0.0
Excel 2013 STIG (Version 1, Release 8)	Microsoft Excel 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Word 2013 STIG (Version 1, Release 7)	Microsoft Word 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Microsoft Office System 2013 STIG (Version 2, Release 2)	Office System 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Visio 2013 STIG (Version 1, Release 5)	Microsoft Visio 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Microsoft Access 2013 STIG (Version 1, Release 7)	Access 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Infopath 2013 STIG (Version 1, Release 6)	Microsoft Infopath 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Lync 2013 STIG (Version 1, Release 5)	Microsoft Lync 2013	Defense Information Systems Agency	04/14/2025	GPOs - Group Policy Objects (GPOs) - January 2025
Canonical Ubuntu 22.04 LTS STIG (Ver 2, Rel 4)	Canonical Ubuntu 22.04 LTS	Defense Information Systems Agency	04/11/2025	SCAP 1.3 Content - Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark - Ver 2, Rel 2 Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG - Ver 2, Rel 4
Mozilla Firefox STIG (Version 6, Release 6)	Mozilla Firefox	Defense Information Systems Agency	04/11/2025	SCAP 1.3 Content - Mozilla Firefox for Linux STIG SCAP Benchmark - Ver 6, Rel 5 SCAP 1.3 Content - Mozilla Firefox for Windows STIG SCAP Benchmark - Ver 6, Rel 6 Automated Content - SCC 5.10.2 Windows Automated Content - SCC 5.10.2 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64 Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 Aarch64 Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 x86 64 Automated Content - SCC 5.10.2 RHEL 9/Oracle Linux 9 x86 64 GPOs - Group Policy Objects (GPOs) - January 2025 Standalone XCCDF 1.1.4 - Mozilla Firefox STIG - Ver 6, Rel 5 Standalone XCCDF 1.1.4 - Mozilla Firefox STIG - Ver 6, Rel 6
Microsoft Windows Server Domain Name System STIG (Ver 2, Rel 3)	Microsoft Active Directory	Defense Information Systems Agency	04/11/2025	Standalone XCCDF 1.1.4 - Microsoft Windows Server DNS STIG - Ver 2, Rel 3
Microsoft IIS 10.0 Server STIG (Y25M04)	Microsoft IIS 10	Defense Information Systems Agency	04/11/2025	Standalone XCCDF 1.1.4 - Microsoft IIS 10.0 STIG
Cisco IOS Router STIG (Y25M01)	Cisco IOS	Defense Information Systems Agency	04/11/2025	SCAP 1.3 Content - Cisco IOS XE Router NDM STIG Benchmark - Ver 3, Rel 2 SCAP 1.3 Content - Cisco IOS XE Router RTR STIG Benchmark - Ver 3, Rel 2 Standalone XCCDF 1.1.4 - Cisco IOS XE Router STIG Standalone XCCDF 1.1.4 - Cisco IOS XR Router STIG Standalone XCCDF 1.1.4 - Cisco IOS Router STIG Standalone XCCDF 1.1.4 - Cisco IOS XE Router NDM RTR STIG for Ansible - Ver 2, Rel 3
Cisco IOS Switch STIG (Y25M04)	Cisco IOS Cisco IOS XE Cisco NX-OS	Defense Information Systems Agency	04/11/2025	Standalone XCCDF 1.1.4 - Cisco IOS XE Switch STIG Standalone XCCDF 1.1.4 - Cisco IOS Switch STIG Standalone XCCDF 1.1.4 - Cisco NX OS Switch STIG

* This checklist is still undergoing review for inclusion into the NCP.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Checklist Program

National Checklist Program

Checklist Repository