Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 151
matching records. Displaying matches 1 through 20.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Red Hat Enterprise Linux 10 (Ver 1, Rel 1) |
Redhat Enterprise Linux 10.0
|
Defense Information Systems Agency
|
03/20/2026 |
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 10 STIG - Ver 1, Rel 1
|
| MongoDB 8.x STIG (Ver 1, Rel 1) |
Mongodb Mongodb 8.0.0
|
Defense Information Systems Agency
|
03/03/2026 |
Standalone XCCDF 1.1.4 - MongoDB Enterprise Advanced 8.x STIG - Ver 1, Rel
|
| Amazon Linux 2023 (Ver 1, Rel 3) |
Amazon Linux
|
Defense Information Systems Agency
|
02/17/2026 |
Standalone XCCDF 1.1.4 - Amazon Linux 2023 STIG - Ver 1, Rel 3
|
| Oracle Linux 8 STIG (Ver 2, Rel 8) |
Oracle Linux 8.0
Oracle Linux 8.0
Oracle Linux 8.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.2 Content - Sunset - Oracle Linux 8 STIG Benchmark - Ver 1, Re
SCAP 1.3 Content - Oracle Linux 8 STIG SCAP Benchmark - Ver 2, Rel 8
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG - Ver 2, Rel 8
Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG for Ansible - Ver 2, Rel 8
|
| Oracle Linux 7 STIG (Ver 3, Rel 4) |
Oracle Linux 7
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.3 Content - Sunset - Oracle Linux 7 STIG Benchmark - Ver 3, Rel 3
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Sunset - Oracle Linux 7 STIG - Ver 3, Rel 5
|
| Oracle Linux 9 STIG (Ver 1, Rel 5) |
Oracle Linux 9.0
Oracle Linux 9.0
Oracle Linux 9.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.3 Content - Oracle Linux 9 STIG SCAP Benchmark - Ver 1, Rel 3
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Oracle Linux 9 STIG - Ver 1, Rel 5
Standalone XCCDF 1.1.4 - Oracle Linux 9 STIG for Ansible - Ver 1, Rel 5
Standalone XCCDF 1.1.4 - Oracle Linux 9 STIG for Chef - Ver 1, Rel 5
|
| SUSE Linux Enterprise Server (SLES) 12 STIG (Ver 3, Rel 5) |
SUSE Linux Enterprise Server 12.0
SUSE Linux Enterprise Server 12.0
SUSE Linux Enterprise Server 12.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.3 Content - Sunset - SUSE Linux Enterprise Server 12 STIG SCAP
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Sunset - SUSE Linux Enterprise Server 12 STIG - Ve
|
| SUSE Linux Enterprise Server (SLES) 15 STIG (Version 2, Release 7) |
SUSE Linux Enterprise Server 15
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.2 Content - Sunset - SUSE Linux Enterprise Server 15 STIG Benc
SCAP 1.3 Content - SUSE Linux Enterprise Server 15 STIG SCAP Benchmar
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 15 STIG - Ver 2, Rel
|
| Red Hat Enterprise Linux 8 STIG (Ver 2, Rel 7) |
Red Hat Enterprise Linux 8.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.2 Content - Sunset - Red Hat Enterprise Linux 8 STIG Benchmark
SCAP 1.3 Content - Red Hat Enterprise Linux 8 STIG SCAP Benchmark - V
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG for Chef - Ver 1,
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG - Ver 2, Rel 7
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG for Ansible - Ver
|
| Red Hat Enterprise Linux 9 (Ver 2, Rel 8) |
Red Hat Enterprise Linux 9.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.3 Content - Sunset - Red Hat Enterprise Linux 9 Benchmark - Ve
SCAP 1.3 Content - Red Hat Enterprise Linux 9 STIG SCAP Benchmark - V
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG - Ver 2, Rel 8
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG for Ansible- Ver 2
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG for Chef - Ver 2,
|
| Red Hat Enterprise Linux 7 STIG (Ver 3, Rel 15) |
Red Hat Enterprise Linux 7.0
|
Defense Information Systems Agency
|
02/13/2026 |
SCAP 1.3 Content - Sunset - Red Hat Enterprise Linux 7 STIG Benchmark - Ver 3, Rel 15
Automated Content - SCC 5.14 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.14 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 Aarch64
Automated Content - SCC 5.14 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG for Ansible - Ver 3, Rel 14
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG - Ver 3, Rel 15
Standalone XCCDF 1.1.4 - Sunset - Red Hat Enterprise Linux 7 STIG for Chef - Ver 3, Rel 8
|
| Red Hat Ansible Automation Controller STIG (Y26M01) |
Red Hat Ansible Automation Controller
|
Defense Information Systems Agency
|
01/23/2026 |
Standalone XCCDF 1.1.4 - Red Hat Ansible Automation Controller STIG
|
| Cloud Linux AlmaLinux OS 9 STIG (Ver 1, Rel 6) |
AlmaLinux OS 9
|
Defense Information Systems Agency
|
01/23/2026 |
Standalone XCCDF 1.1.4 - Cloud Linux AlmaLinux OS 9 STIG - Ver 1, Rel 6
|
| SUSE Linux Enterprise Server (SLES) 15 STIG for Ansible (Ver 2, Rel 7) |
SUSE Linux Enterprise Server 15
|
Defense Information Systems Agency
|
01/23/2026 |
Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 15 for Ansible - Ver
|
| SUSE Linux Enterprise Micro 5 STIG (Ver 1, Rel 4) |
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.5
|
Defense Information Systems Agency
|
01/23/2026 |
Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Micro 5 STIG - Ver 1, Rel 4
|
| MariaDB Enterprise 10.x STIG (Ver 2, Rel 5) |
MariaDB Enterprise Server 10.x
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - MariaDB Enterprise 10.x STIG - Ver 2, Rel 5
|
| EnterpriseDB Postgres Advanced Server (EPAS) STIG (Ver 2, Rel 1) |
EDB Postgres Advanced Server
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Sunset - EDB Postgres Advanced Server v9.6 STIG - Ver 2, Rel 3
Standalone XCCDF 1.1.4 - EnterpriseDB Postgres Advanced Server (EPAS) STIG - Ver 2, Rel 1
|
| Apache Tomcat Application Server 9 STIG (Ver 3, Rel 4) |
Apache Tomcat 9.0
|
Defense Information Systems Agency
|
01/21/2026 |
Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 3, R
|
| CIS Oracle MySQL Enterprise Edition 8.4 Benchmark (1.1.0) |
Oracle MySQL Enterprise Edition 8.4
|
Center for Internet Security (CIS)
|
01/07/2026 |
Prose - CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.1.0
|
| CIS Oracle MySQL Community Server 8.4 Benchmark (1.1.0) |
Oracle MySQL Community Server 8.4
|
Center for Internet Security (CIS)
|
01/07/2026 |
Prose - CIS Oracle MySQL Community Server 8.4 Benchmark v1.1.0
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
