U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 588 matching records. Displaying matches 121 through 140.

Name (Version) Target Authority Last Modified Resources
CIS Oracle MySQL Community Server 5.6 Benchmark (2.0.0) MySQL 5.6
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS ORACLE MYSQL COMMUNITY SERVER 5.6 BENCHMARK V2.0.0
CIS Oracle MySQL Community Server 5.7 Benchmark (2.0.0) Oracle MySQL Community Server 5.7
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Oracle MySQL Community Server 5.7 Benchmark v2.0.0
CIS Palo Alto Firewall 8 Benchmark (1.0.0) Palo Alto Networks Network Device Management (NDM)
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Palo Alto Firewall 8 Benchmark, 1.0.0
CIS Google Cloud Platform Foundation Benchmark (1.1.0) Google Cloud Computing Platform
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Google Cloud Platform Foundation Benchmark v1.1.0
Palo Alto Networks Application Layer Gateway (ALG) STIG (Version 2, Release 1) Palo Alto Networks Application Layer Gateway (ALG)
 Defense Information Systems Agency
 04/27/2022 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
CIS ISC BIND DNS Server 9.9 Benchmark (3.0.1) ISC BIND 9.9
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS ISC BIND DNS Server 9.9 Benchmark v3.0.1
Palo Alto Networks Network Device Management (NDM) STIG (Ver 2, Rel 1) Palo Alto Networks Network Device Management (NDM)
 Defense Information Systems Agency
 04/27/2022 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
CIS Apache Cassandra 3.11 Benchmark (1.0.0) Apache Cassandra 3.11
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Apache Cassandra 3.11 Benchmark v1.0.0
Apple OS X 10.14 (Mojave) STIG (Ver 2, Rel 6) Apple OS X 10.14
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Sunset - Apple macOS 10.14 STIG - Ver 2, Rel 6
Apple OS X 10.13 STIG (Ver 2, Rel 5) Apple macOS 10.13
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Sunset - Apple macOS 10.13 STIG - Ver 2, Rel 5
Palo Alto Networks Intrusion Detection and Prevention System (IDPS) STIG (Version 2, Release 1) Palo Alto Networks Intrusion Detection and Prevention System
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
MongoDB Enterprise Advanced 3.x STIG (Ver 2, Rel 1) MongoDB 3.2
MongoDB 3.4
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - MongoDB Enterprise Advanced 3.x STIG - Ver 2, Rel 1
Cisco ISE STIG (Y22M04) Cisco Identity Services Engine
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Cisco ISE STIG
MongoDB Enterprise Advanced 4.x STIG (Ver 1, Rel 1) MongoDB 4.0
 Defense Information Systems Agency
 04/04/2022 Standalone XCCDF 1.1.4 - MongoDB Enterprise Advanced 4.x STIG - Ver 1, Rel 1
Big Sur Guidance (Revision 5) Apple macOS 11.0 (Big Sur)
 NIST, macOS Security Compliance Project
 03/18/2022 SCAP 1.3 Content - Big Sur Guidance
Catalina Guidance (Revision 6) Apple OS X 10.15
 NIST, macOS Security Compliance Project
 03/18/2022 SCAP 1.3 Content - Catalina Guidance
CIS Oracle Database 8i Benchmark (v1.2.0) Oracle Database 8i
 Center for Internet Security (CIS)
 03/15/2022 Prose - CIS Oracle Database 8i Benchmark v1.2.0
Honeywell Android 9.x STIG (Version 1, Release 1) Google Android 9.x
 Defense Information Systems Agency
 03/09/2022 Standalone XCCDF 1.1.4 - Honeywell Android 9.x STIG
Apache Tomcat Application Server 9 STIG (Ver 2, Rel 4) Apache Tomcat 9.0
 Defense Information Systems Agency
 02/22/2022 Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 2, Rel 4
CIS Apache HTTP Server 2.2 Benchmark (3.6.0) Apache HTTP Server 2.2
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS Apache HTTP Server 2.2 Benchmark v3.6.0
* This checklist is still undergoing review for inclusion into the NCP.