U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 19 matching records.

Name (Version) Target Authority Last Modified Resources
Apache Server 2.4 UNIX STIG (Y23M07) Apache HTTP Server 2.4.0
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - Apache Server 2.4 Unix STIG
BlackBerry Enterprise Mobility Server (BEMS) 3.x STIG (Ver 1, Rel 2) BlackBerry Enterprise Mobility Server (BEMS)
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - BlackBerry Enterprise Mobility Server (BEMS) 3.x STIG - Ver 1, Rel 2
Apache Tomcat Application Server 9 STIG (Ver 2, Rel 5) Apache Tomcat 9.0
 Defense Information Systems Agency
 07/25/2023 Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 2, Rel 5
Apache Benchmark for Unix, Levels I and II (Version 2.1) Apache HTTP Server 1.3
Apache HTTP Server 2.0
 Center for Internet Security (CIS)
 07/03/2023 Prose - Center for Internet Security Benchmark for Apache Web Server v2.1
Apache Server 2.4 Windows STIG (Y23M01) Apache HTTP Server 2.4.0
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
SPEC Innovations Innoslate 4.x STIG (Ver 1, Rel 1) SPEC Innovations Innoslate 4.x STIG
 Defense Information Systems Agency
 11/15/2022 Standalone XCCDF 1.1.4 - SPEC Innovations Innoslate 4.x STIG - Ver 1, Rel 1
EDB Postgres Advanced Server v11 for Windows STIG (Ver 2, Rel 2) EDB Postgres Advanced Server
 Defense Information Systems Agency
 08/01/2022 Standalone XCCDF 1.1.4 - EDB Postgres Advanced Server v11 for Windows STIG - Ver 2, Rel 2
CIS Apache Cassandra 3.11 Benchmark (1.0.0) Apache Cassandra 3.11
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Apache Cassandra 3.11 Benchmark v1.0.0
CIS Apache HTTP Server 2.2 Benchmark (3.6.0) Apache HTTP Server 2.2
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS Apache HTTP Server 2.2 Benchmark v3.6.0
Ivanti MobileIron Core MDM Server STIG (Ver 1, Rel 1) Ivanti MobileIron Core
 Defense Information Systems Agency
 01/21/2022 Standalone XCCDF 1.1.4 - Ivanti MobileIron Core MDM Server STIG - Ver 1, Rel 1
CIS Apache Tomcat 9 Benchmark (1.1.0) Apache Tomcat 9.0
 Center for Internet Security (CIS)
 12/22/2020 Prose - Apache Tomcat 9 Benchmark v1.1.0
CIS Apache HTTP Server 2.4 Benchmark (2.0.0) Apache HTTP Server 2.4.0
 Center for Internet Security (CIS)
 11/04/2020 Prose - Prose - CIS Apache HTTP Server 2.4 Benchmark v2.0.0
CIS Apache Tomcat 8 Benchmark (1.1.0) Apache Tomcat 8.0
 Center for Internet Security (CIS)
 11/04/2019 Prose - Apache Tomcat 8 Benchmark v1.1.0
Apache 2.0 STIG - Windows (Version 1, Release 5) Apache HTTP Server 2.0
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 Windows STIG - Ver 1, Rel 5
Web Policy STIG (Version 1, Release 1) Apache HTTP Server 1.3
Apache HTTP Server 2.0
Apache HTTP Server 2.2
Microsoft Internet Information Services
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Web Policy STIG - Ver 1, Rel 1
Apache 2.0 STIG - UNIX (Version 1, Release 5) Apache HTTP Server 2.0
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 UNIX STIG - Ver 1, Rel 5
CIS Apache Tomcat 7 Benchmark (1.1.0) Apache Tomcat
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS Apache Tomcat 7 Benchmark v1.1.0
Apache 2.2 STIG - Windows (Version 1, Release 13) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Apache 2.2 STIG Windows - Ver 1, Rel 13
Apache 2.2 STIG - UNIX (Version 1, Release 11) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Apache 2.2 STIG UNIX - Ver 1, Rel 11
* This checklist is still undergoing review for inclusion into the NCP.