Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 896
matching records. Displaying matches 1 through 20.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| United States Government Configuration Baseline for SUSE Industrial Edge (1.x) |
SUSE Industrial Edge
|
Mission IT
|
07/13/2026 |
SCAP 1.3 Content - (SCAP Datastream) United States Government Baseline for SUSE Industrial Edge
Prose - (HTML) United States Government Configuration Baseline for SUSE Industrial Edge
|
| Nokia Service Router (SR) OS 25.x STIG (Y26M04) |
Nokia Service Router Operating System 25.10 R1 Nokia Service Router Operating System 25.7 R1 Nokia Service_router_operating_system 25.3 R1
|
Defense Information Systems Agency
|
07/07/2026 |
Standalone XCCDF 1.1.4 - Nokia Service Router (SR) OS 25.x STIG
|
| AvePoint Fly Server STIG (Ver 1, Rel 1) |
AvePoint Fly Server
|
Defense Information Systems Agency
|
07/07/2026 |
Standalone XCCDF 1.1.4 - AvePoint Fly Server STIG - Ver 1, Rel 1
|
| CIS Microsoft Azure Storage Services Benchmark (2.0.0) |
Microsoft Azure
|
Center for Internet Security (CIS)
|
07/06/2026 |
Prose - CIS Microsoft Azure Storage Services Benchmark
|
| Omnissa Workspace ONE UEM STIG (Y26M05) |
Omnissa Workspace ONE UEM (Unified Endpoint Management)
|
Defense Information Systems Agency
|
07/06/2026 |
Standalone XCCDF 1.1.4 - Omnissa Workspace ONE UEM STIG
|
| Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (Y26M04) |
IBM z/OS Version 2, Release 5 IBM z/OS Version 3, Release 1
|
Vanguard Integrity Professionals, Inc.
|
07/02/2026 |
ZIP - Vanguard z/OS RACF Checklist Y26M04 PDF version
ZIP - Vanguard z/OS RACF Checklist Y26M04 XML version
|
| Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (Y26M01) |
IBM z/OS Version 2, Release 5 IBM z/OS Version 3, Release 1
|
Vanguard Integrity Professionals, Inc.
|
06/29/2026 |
ZIP - https://www.go2vanguard.com/NIST/Vanguards_zOS_DOD_DISA_STIG_PDF_Y26M01
ZIP - Vanguard z/OS RACF Checklist Y26M01 XML version
|
| CIS Oracle MySQL Community Server 8.0 Benchmark (1.2.0) |
Oracle MySQL Community Server 8.0
|
Center for Internet Security (CIS)
|
05/28/2026 |
Prose - CIS Oracle MySQL Community Server 8.0 Benchmark v1.2.0
|
| CIS IBM Db2 12.1 Benchmark (1.0.0) |
IBM Db2 12.1
|
Center for Internet Security (CIS)
|
05/28/2026 |
Prose - CIS IBM Db2 12.1 Benchmark v1.0.0
|
| CIS PostgreSQL 18 Benchmark (1.0.0) |
PostgreSQL 18
|
Center for Internet Security (CIS)
|
05/28/2026 |
Prose - CIS PostgreSQL 18 Benchmark v1.0.0
|
| CIS Oracle Database 26ai Benchmark (1.0.0) |
Oracle Database 26ai
|
Center for Internet Security (CIS)
|
05/28/2026 |
Prose - CIS Oracle Database 26ai Benchmark
|
| Google Cloud Platform Foundations Benchmark (3.0.0) |
Google Cloud Platform
|
Center for Internet Security (CIS)
|
05/11/2026 |
Prose - Google Cloud Platform Foundations Benchmark
|
| CIS Apple iOS 15 and iPadOS 15 Benchmark (1.1.0) |
Apple iOS/iPadOS 15
|
Center for Internet Security (CIS)
|
04/27/2026 |
Prose - CIS Apple iOS 15 and iPadOS 15 Benchmark v1.1.0
|
| CIS Microsoft Azure Database Services Benchmark (2.0.0) |
Microsoft Azure
|
Center for Internet Security (CIS)
|
04/21/2026 |
Prose - CIS Microsoft Azure Database Services Benchmark v2.0.0
|
| CIS Microsoft Azure Foundations Benchmark (6.0.0) |
Microsoft Azure
|
Center for Internet Security (CIS)
|
04/21/2026 |
Prose - CIS Microsoft Azure Foundations Benchmark v6.0.0
|
| Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (Y25M10) |
IBM z/OS Version 2, Release 5 IBM z/OS Version 3, Release 1
|
Vanguard Integrity Professionals, Inc.
|
04/17/2026 |
ZIP - Vanguard z/OS RACF Checklist Y25M10 PDF version
ZIP - Vanguard z/OS RACF Checklist Y25M10 XML version
|
| Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.62-95) |
IBM z/OS Version 2, Release 5 IBM z/OS Version 3, Release 1
|
Vanguard Integrity Professionals, Inc.
|
04/17/2026 |
ZIP - ZIP - Vanguard z/OS RACF Checklist 6.62/95 PDF version
ZIP - ZIP - Vanguard z/OS RACF Checklist 6.62/95 XML version
|
| Tri-Lab Operating System Stack (TOSS) 5 STIG (Ver 1, Rel 1) |
Tri-Lab Operating System Stack (TOSS)
|
Defense Information Systems Agency
|
04/07/2026 |
Standalone XCCDF 1.1.4 - Tri-Lab Operating System Stack (TOSS) 5 STIG - Ver 1, Rel 1
|
| United States Government Configuration Baseline for Claroty CTD 5.x (checklist v0.1) |
Claroty CTD 5.x
|
Mission IT
|
04/03/2026 |
SCAP 1.3 Content - United States Government Configuration Baseline for Claroty CTD 5.x
Machine-Readable Format - DISA STIG Viewer Checklist for Claroty CTD 5.x U.S. Government Configuration Baseline
Reference Link - HOW TO VIDEO: Using the Claroty U.S. Government Configuration Baseline with DISA STIG Viewer
Security Template - ATO SUPPORT: Control Mappings to NIST 800-53 Rev5
Security Template - ATO SUPPORT: Control Mappings to DoD SRG and DoD STIG
|
| eLxr Pro (12) |
Wind River eLxr Pro 12.10
|
Wind River Systems, Inc.
|
03/24/2026 |
Standalone XCCDF 1.1.4 - eLxr Pro 12 STIG
|
* This checklist is still undergoing review for
inclusion into the NCP.