U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 631 matching records. Displaying matches 141 through 160.

Name (Version) Target Authority Last Modified Resources
IBM Hardware Management Console (HMC) STIG (Y23M04) IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
 Defense Information Systems Agency
 04/28/2023 Standalone XCCDF 1.1.4 - IBM Hardware Management Console (HMC) STIG
CIS IBM Db2 13 for z/OS Benchmark (V1.0.0) IBM Db2 13.0 for z/OS
 IBM Corporation
 04/21/2023 Prose - CIS IBM Db2 13 for z/OS Benchmark v1.0.0
CIS IBM z/OS V2R5 with RACF Benchmark (v1.0.0) IBM RACF
IBM z/OS
 IBM Corporation
 04/21/2023 Prose - CIS IBM z/OS V2R5 with RACF Benchmark
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.54-87) IBM z/OS Version 2, Release 4
IBM z/OS Version 2, Release 5
IBM z/OS Version 2.3
 Vanguard Integrity Professionals, Inc.
 04/18/2023 ZIP - Vanguard z/OS RACF Checklist 6.54/8.7 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.54/8.7 XML version
Windows Server 2022 STIG with Ansible (Ver 1, Rel 1) Microsoft Windows Server 2022
 Defense Information Systems Agency
 04/13/2023 Standalone XCCDF 1.1.4 - Windows Server 2022 STIG with Ansible - Ver 1, Rel 1
AvePoint Compliance Guardian STIG (Ver 1, Rel 1) AvePoint Compliance Guardian
 Defense Information Systems Agency
 04/12/2023 Standalone XCCDF 1.1.4 - AvePoint Compliance Guardian STIG - Ver 1, Rel 1
Nutanix AOS 5.20.x STIG (Ver 1, Rel 1) Nutanix AOS
 Defense Information Systems Agency
 04/06/2023 Standalone XCCDF 1.1.4 - Nutanix AOS 5.20.x STIG - Ver 1, Rel 1
Riverbed NetProfiler STIG (Ver 1, Rel 1) Riverbed NetProfiler
 Defense Information Systems Agency
 03/20/2023 Standalone XCCDF 1.1.4 - Riverbed NetProfiler STIG - Ver 1, Rel 1
Arista MLS EOS 4.2x STIG (Y23M02) Arista Multi-Layer Switch Extensible Operating System (MLS EOS) 4.2
 Defense Information Systems Agency
 03/20/2023 Standalone XCCDF 1.1.4 - Arista MLS EOS 4.2x STIG
CIS BIND Benchmark (v2.0.0) ISC Bind 9.2.4
ISC Bind 9.3.1
 Center for Internet Security (CIS)
 02/27/2023 Prose - CIS BIND Benchmark v2.0.0
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.54-88) IBM z/OS Version 2, Release 3
IBM z/OS Version 2, Release 4
IBM z/OS Version 2, Release 5
 Vanguard Integrity Professionals, Inc.
 02/06/2023 ZIP - anguard z/OS RACF Checklist 6.54/8.7 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.54/8.7 XML version
Samsung Android 13 with Knox 3.x STIG (Y23M01) Google Android 13
 Defense Information Systems Agency
 01/31/2023 Standalone XCCDF 1.1.4 - Samsung Android 13 with Knox 3.x STIG
Oracle Linux 6 STIG (Version 2, Release 7) Oracle Linux 6
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - Sunset - Oracle Linux 6 STIG - Ver 2, Rel 7
Google Android 10.x STIG (Ver 2, Rel 1) Google Android 10.0
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - Sunset - Google Android 10 STIG - Ver 2, Rel 1
NetApp ONTAP DSC 9.X STIG (Ver 1, Rel 3) NetApp ONTAP DSC 9.x
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - NetApp ONTAP DSC 9.x STIG - Ver 1, Rel 3
Oracle HTTP Server 12.1.3 STIG (Version 2, Release 2) Oracle HTTP Server 12.1.3 STIG, Version 1, Release 1
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - Oracle HTTP Server 12.1.3 STIG - Ver 2, Rel 2
Apache Server 2.4 Windows STIG (Y23M01) Apache HTTP Server 2.4.0
 Defense Information Systems Agency
 01/17/2023 Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
Tanium 7.x on TanOS STIG (Ver 1, Rel 1) Tanium 7.x
 Defense Information Systems Agency
 01/05/2023 Standalone XCCDF 1.1.4 - Tanium 7.x on TanOS STIG - Ver 1, Rel 1
Microsoft Android 11 STIG (Version 1, Release 1) Google Android 11.0
 Defense Information Systems Agency
 12/20/2022 Standalone XCCDF 1.1.4 - Microsoft Android 11 STIG
Google Android 13 STIG (Ver 1, Rel 1) Google Android 13
 Defense Information Systems Agency
 12/17/2022 Standalone XCCDF 1.1.4 - Google Android 13 STIG - Ver 1, Rel 1
* This checklist is still undergoing review for inclusion into the NCP.