U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 804 matching records. Displaying matches 161 through 180.

Name (Version) Target Authority Last Modified Resources
Microsoft Outlook 2016 STIG (Version 2, Release 3) Microsoft Outlook 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Outlook 2016 STIG - Ver 2, Rel 3
Adobe Acrobat Professional DC Continuous Track STIG (Ver 2, Rel 1) Adobe Acrobat Pro DC Continuous Track
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Adobe Acrobat Professional DC Continuous Track STIG - Ver 2, Rel 1
Microsoft Visio 2016 STIG (Version 1, Release 2) Microsoft Visio 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Visio 2016 STIG - Ver 1, Rel 1
Microsoft Project 2016 STIG (Version 1, Release 2) Microsoft Project 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Project 2016 STIG - Ver 1, Rel 1
Microsoft Word 2016 STIG (Version 1, Release 2) Microsoft Word 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Word 2016 STIG - Ver 1, Rel 1
Microsoft Access 2016 STIG (Version 1, Release 2) Microsoft Access 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Access 2016 STIG - Ver 1, Rel 1
SUSE Linux Enterprise Server (SLES) v11 for System z STIG (Version 1, Release 12) Novell SUSE Enterprise Linux Server 11
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - SLES V11 for System z STIG - Ver 1, Rel 12
Microsoft One Drive for Business 2016 STIG (Version 2, Release 3) Microsoft One Drive for Business 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft OneDrive STIG - Ver 2, Rel 3
Microsoft Outlook 2013 STIG (Version 1, Release 13) Microsoft Outlook 2013
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Outlook 2013 STIG - Ver 1, Rel 13
VMWare Horizon 7.13 STIG (Y24M04) VMWare Horizon
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - Sunset - VMware Horizon 7.13 STIG
Microsoft Excel 2016 STIG (Version 2, Release 1) Microsoft Excel 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Excel 2016 STIG - Ver 2, Rel 1
SUSE Linux Enterprise Server (SLES) 12 STIG (Ver 2, Rel 13) SUSE Linux Enterprise Server 12.0
Defense Information Systems Agency
06/10/2024 SCAP 1.2 Content - SUSE Linux Enterprise Server 12 STIG Benchmark - Ver 2, Rel 11
Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 12 STIG - Ver 2, Rel 13
Microsoft Office System 2016 STIG (Version 2, Release 3) Microsoft Office 2016
Defense Information Systems Agency
06/10/2024 GPOs - Group Policy Objects (GPOs) - April 2024
Standalone XCCDF 1.1.4 - Microsoft Office System 2016 STIG - Ver 2, Rel 3
Google Android 13 BYOAD STIG (Y24 M04) Google Android 13
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - Google Android 13 BYOAD STIG
Apple macOS 13 STIG (Ver 1, Rel 4) Apple macOS 13.0 (Ventura)
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - Apple macOS 13 (Ventura) STIG - Ver 1, Rel 4
BIND 9.x STIG (Ver 2, Rel 3) BIND 9.x
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - BIND 9.x STIG - Ver 2, Rel 3
Red Hat Jboss Enterprise Application Platform (EAP) 6.3 STIG (Ver 2, Rel 4) Red Hat JBoss Enterprise Application Platform 6.3.0
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG - Ver 2, Rel 4
Active Directory Domain STIG (Ver 3, Rel 4) Microsoft Active Directory
Defense Information Systems Agency
06/10/2024 Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 3, Rel 4
CIS Oracle Solaris 11.1 Benchmark (1.0.0) Oracle Solaris 11.1
Center for Internet Security (CIS)
06/10/2024 Prose - CIS Oracle Solaris 11.1 Benchmark v1.0.0
CIS Google Container-Optimized OS Benchmark (1.2.0) Google Container-Optimized OS
Center for Internet Security (CIS)
06/10/2024 Prose - CIS Google Container-Optimized OS Benchmark v1.2.0
* This checklist is still undergoing review for inclusion into the NCP.