Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 19
matching records.
Name (Version) |
Target |
Authority |
Last Modified |
Resources |
Apache Server 2.4 UNIX STIG (Y23M07) |
Apache HTTP Server 2.4.0
|
Defense Information Systems Agency
|
07/25/2023 |
Standalone XCCDF 1.1.4 - Apache Server 2.4 Unix STIG
|
BlackBerry Enterprise Mobility Server (BEMS) 3.x STIG (Ver 1, Rel 2) |
BlackBerry Enterprise Mobility Server (BEMS)
|
Defense Information Systems Agency
|
07/25/2023 |
Standalone XCCDF 1.1.4 - BlackBerry Enterprise Mobility Server (BEMS) 3.x STIG - Ver 1, Rel 2
|
Apache Tomcat Application Server 9 STIG (Ver 2, Rel 5) |
Apache Tomcat 9.0
|
Defense Information Systems Agency
|
07/25/2023 |
Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 2, Rel 5
|
Apache Benchmark for Unix, Levels I and II (Version 2.1) |
Apache HTTP Server 1.3 Apache HTTP Server 2.0
|
Center for Internet Security (CIS)
|
07/03/2023 |
Prose - Center for Internet Security Benchmark for Apache Web Server v2.1
|
Apache Server 2.4 Windows STIG (Y23M01) |
Apache HTTP Server 2.4.0
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
|
SPEC Innovations Innoslate 4.x STIG (Ver 1, Rel 1) |
SPEC Innovations Innoslate 4.x STIG
|
Defense Information Systems Agency
|
11/15/2022 |
Standalone XCCDF 1.1.4 - SPEC Innovations Innoslate 4.x STIG - Ver 1, Rel 1
|
EDB Postgres Advanced Server v11 for Windows STIG (Ver 2, Rel 2) |
EDB Postgres Advanced Server
|
Defense Information Systems Agency
|
08/01/2022 |
Standalone XCCDF 1.1.4 - EDB Postgres Advanced Server v11 for Windows STIG - Ver 2, Rel 2
|
CIS Apache Cassandra 3.11 Benchmark (1.0.0) |
Apache Cassandra 3.11
|
Center for Internet Security (CIS)
|
04/27/2022 |
Prose - CIS Apache Cassandra 3.11 Benchmark v1.0.0
|
CIS Apache HTTP Server 2.2 Benchmark (3.6.0) |
Apache HTTP Server 2.2
|
Center for Internet Security (CIS)
|
02/11/2022 |
Prose - CIS Apache HTTP Server 2.2 Benchmark v3.6.0
|
Ivanti MobileIron Core MDM Server STIG (Ver 1, Rel 1) |
Ivanti MobileIron Core
|
Defense Information Systems Agency
|
01/21/2022 |
Standalone XCCDF 1.1.4 - Ivanti MobileIron Core MDM Server STIG - Ver 1, Rel 1
|
CIS Apache Tomcat 9 Benchmark (1.1.0) |
Apache Tomcat 9.0
|
Center for Internet Security (CIS)
|
12/22/2020 |
Prose - Apache Tomcat 9 Benchmark v1.1.0
|
CIS Apache HTTP Server 2.4 Benchmark (2.0.0) |
Apache HTTP Server 2.4.0
|
Center for Internet Security (CIS)
|
11/04/2020 |
Prose - Prose - CIS Apache HTTP Server 2.4 Benchmark v2.0.0
|
CIS Apache Tomcat 8 Benchmark (1.1.0) |
Apache Tomcat 8.0
|
Center for Internet Security (CIS)
|
11/04/2019 |
Prose - Apache Tomcat 8 Benchmark v1.1.0
|
Apache 2.0 STIG - Windows (Version 1, Release 5) |
Apache HTTP Server 2.0
|
Defense Information Systems Agency
|
09/11/2019 |
Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 Windows STIG - Ver 1, Rel 5
|
Web Policy STIG (Version 1, Release 1) |
Apache HTTP Server 1.3 Apache HTTP Server 2.0 Apache HTTP Server 2.2 Microsoft Internet Information Services
|
Defense Information Systems Agency
|
09/11/2019 |
Standalone XCCDF 1.1.4 - Sunset - Web Policy STIG - Ver 1, Rel 1
|
Apache 2.0 STIG - UNIX (Version 1, Release 5) |
Apache HTTP Server 2.0
|
Defense Information Systems Agency
|
09/11/2019 |
Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 UNIX STIG - Ver 1, Rel 5
|
CIS Apache Tomcat 7 Benchmark (1.1.0) |
Apache Tomcat
|
Center for Internet Security (CIS)
|
08/13/2019 |
Prose - CIS Apache Tomcat 7 Benchmark v1.1.0
|
Apache 2.2 STIG - Windows (Version 1, Release 13) |
Apache HTTP Server 2.2
|
Defense Information Systems Agency
|
06/05/2019 |
Standalone XCCDF 1.1.4 - Apache 2.2 STIG Windows - Ver 1, Rel 13
|
Apache 2.2 STIG - UNIX (Version 1, Release 11) |
Apache HTTP Server 2.2
|
Defense Information Systems Agency
|
06/05/2019 |
Standalone XCCDF 1.1.4 - Apache 2.2 STIG UNIX - Ver 1, Rel 11
|
* This checklist is still undergoing review for
inclusion into the NCP.