U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 868 matching records. Displaying matches 1 through 20.

Name (Version) Target Authority Last Modified Resources
Symantec Edge SWG STIG (Y25M11) Symantec Edge SWG
 Defense Information Systems Agency
 01/08/2026 Standalone XCCDF 1.1.4 - Symantec Edge SWG STIG
F5 NGINX STIG (Ver 1, Rel 1) F5 NGINX
 Defense Information Systems Agency
 01/08/2026 Standalone XCCDF 1.1.4 - F5 NGINX STIG - Ver 1, Rel 1
Adobe ColdFusion STIG (Ver 1, Rel 1) Adobe ColdFusion
 Defense Information Systems Agency
 01/08/2026 Standalone XCCDF 1.1.4 - Adobe ColdFusion STIG - Ver 1, Rel 1
Apple macOS 26 (Tahoe) STIG (Ver 1, Rel 1) Apple macOS (Tahoe) 26.0.0
 Defense Information Systems Agency
 01/08/2026 Standalone XCCDF 1.1.4 - Apple macOS 26 (Tahoe) STIG - Ver 1, Rel 1
Apple iOS/iPadOS 26 STIG (Ver 1, Rel 1) Apple iOS 26
Apple iPadOS 26.0.0
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 26 STIG - Ver 1, Rel 1
Riverbed NetIM (Y25M09) Riverbed NetIM
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Riverbed NetIM STIG
Microsoft Azure SQL Managed Instance STIG (Ver 1, Rel 1) Microsoft Azure SQL Managed Instance
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Microsoft Azure SQL Managed Instance STIG - Ver 1, Rel 1
Samsung Android 16 (Y25M08) Samsung Android 16
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Samsung Android 16 STIG
Google Android 16 (Y25M08) Google Android 16
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Google Android 16 STIG
Canonical Ubuntu 22.04 LTS STIG (Ver 2, Rel 6) Canonical Ubuntu 22.04 LTS
 Defense Information Systems Agency
 01/07/2026 SCAP 1.3 Content - Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark - Ver 2, Rel 4
Automated Content - SCC 5.12.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.12.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.12.1 Ubuntu 22/24 AMD64
Automated Content - SCC 5.12.1 Ubuntu 22/24 ARM64
Standalone XCCDF 1.1.4 - Rev. 4 Sunset - Canonical Ubuntu 22.04 LTS STIG - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG - Ver 2, Rel 6
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG for Ansible - Ver 2, Rel 6
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG for Chef - Ver 2, Rel 6
Amazon Linux 2023 (Ver 1, Rel 1) Amazon Linux
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Amazon Linux 2023 STIG - Ver 1, Rel 1
Axonius Federal Systems Ax-OS STIG (Ver 1, Rel 1) Axonius Federal Systems Ax-OS
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Axonius Federal Systems Ax-OS STIG - Ver 1, Rel 1
Cisco IOS XE Switch STIG (Y25M10) Cisco IOS XE
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Cisco IOS XE Switch STIG
Cisco NX OS Switch STIG (Y25M10) Cisco NX-OS
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Cisco NX OS Switch STIG
Cisco IOS XR Router STIG (Y25M10) Cisco IOS XR
 Defense Information Systems Agency
 01/07/2026 Standalone XCCDF 1.1.4 - Cisco IOS XR Router STIG
CIS Oracle MySQL Enterprise Edition 8.4 Benchmark (1.1.0) Oracle MySQL Enterprise Edition 8.4
 Center for Internet Security (CIS)
 01/07/2026 Prose - CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.1.0
CIS Oracle MySQL Community Server 8.4 Benchmark (1.1.0) Oracle MySQL Community Server 8.4
 Center for Internet Security (CIS)
 01/07/2026 Prose - CIS Oracle MySQL Community Server 8.4 Benchmark v1.1.0
CIS Oracle SaaS Cloud Applications Benchmark (1.0.0) Oracle Cloud Infrastructure
 Center for Internet Security (CIS)
 01/06/2026 Prose - CIS Oracle SaaS Cloud Applications Benchmark v1.0.0
CIS Microsoft Azure Foundations Benchmark (5.0.0) Microsoft Azure
 Center for Internet Security (CIS)
 01/06/2026 Prose - CIS Microsoft Azure Foundations Benchmark v5.0.0
CIS DigitalOcean Services Benchmark (1.0.0) DigitalOcean Cloud Infrastructure
 Center for Internet Security (CIS)
 01/06/2026 Prose - CIS DigitalOcean Services Benchmark v1.0.0
* This checklist is still undergoing review for inclusion into the NCP.