U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 588 matching records. Displaying matches 181 through 200.

Name (Version) Target Authority Last Modified Resources
VMware vSphere 6.5 STIG (Y21M10) VMware vSphere 6.5
Defense Information Systems Agency
10/29/2021 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - VMware vSphere 6.5 STIG
Oracle 11g Database STIG (Version 9 Release 1) Oracle Database 11g
Oracle Database 11g 11.1
Oracle Database 11g 11.2
Defense Information Systems Agency
10/27/2021 Standalone XCCDF 1.1.4 - Sunset - Oracle Database 11g STIG - Version 9, Release 1
McAfee VSEL 1.9/2.0 STIG (Version 1, Release 1) McAfee VirusScan Enterprise for Linux 1.9x
McAfee VirusScan Enterprise for Linux 2.0x
Defense Information Systems Agency
10/07/2021 Standalone XCCDF 1.1.4 - Sunset-McAfee VSEL 1.9/2.0 STIG
CIS Cisco IOS Benchmark (v3.0.1) Cisco IOS
Center for Internet Security (CIS)
10/07/2021 Prose - CIS Cisco IOS Benchmark v3.0.1
CIS Microsoft IIS 8 Benchmark (1.5.0) Microsoft Internet Information Services (IIS) 8.0
Center for Internet Security (CIS)
09/16/2021 Prose - CIS Microsoft IIS 8 Benchmark, 1.5.0
CIS CISCO Firewall Benchmark (4.1.0) Cisco ASA 8
Cisco ASA 9
Center for Internet Security (CIS)
09/16/2021 Security Template - CIS CISCO Firewall Benchmark
VMware ESX 3 Server STIG (Ver 1, Rel 2) VMware ESX Server 3.0.0
Defense Information Systems Agency
08/30/2021 Standalone XCCDF 1.1.4 - Sunset - VMWare ESX 3 Policy STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Server STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Virtual Center STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Virtual Machine STIG - Ver 1, Rel 2
NIST National Checklist for Red Hat Enterprise Linux 8.x (content v0.1.50) Red Hat Enterprise Linux 8.0
Red Hat Enterprise Linux 8.1
Red Hat Enterprise Linux 8.2
Red Hat
08/18/2021 SCAP 1.3 Content - NIST National Checklist for Red Hat Enterprise Linux 8.x
Ansible Playbook - FBI Criminal Justice Information Services (FBI CJIS)
Ansible Playbook - NIST 800-171 (Controlled Unclassified Information)
Ansible Playbook - Health Insurance Portability and Accountability Act (HIPAA)
Ansible Playbook - NIST National Checklist for RHEL 8.x
Ansible Playbook - PCI-DSS
NIST National Checklist for Red Hat Enterprise Linux 7.x (content v0.1.50) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat Enterprise Linux 7.4
Red Hat Enterprise Linux 7.5
Red Hat Enterprise Linux 7.6
Red Hat Enterprise Linux 7.7
Red Hat
08/18/2021 SCAP 1.3 Content - NIST National Checklist for Red Hat Enterprise Linux 7.x, SCAP 1.3
Ansible Playbook - CIA Commercial Cloud Services (CIA C2S)
Ansible Playbook - FBI Criminal Justice Information Services (FBI CJIS)
Ansible Playbook - NIST 800-171 (Controlled Unclassified Information)
Ansible Playbook - Health Insurance Portability and Accountability Act (HIPAA)
Ansible Playbook - NIST National Checklist for Red Hat Enterprise Linux 7.x
Ansible Playbook - PCI-DSS
Ansible Playbook - DoD STIG
Splunk Enterprise 7.x for Windows STIG (Ver 2, Rel 3) Splunk Enterprise 7.0
Defense Information Systems Agency
08/10/2021 Standalone XCCDF 1.1.4 - Splunk Enterprise 7.x for Windows STIG - Ver 2, Rel 3
CIS Oracle MySQL Enterprise Edition 8.0 Benchmark (v1.1.0) Oracle MySQL Enterprise Edition 8.0
Center for Internet Security (CIS)
08/05/2021 Prose - CIS Oracle MySQL Enterprise Edition 8.0 Benchmark v1.1.0
Microsoft SCOM STIG (Ver 1, Rel 1) Microsoft SCOM
Defense Information Systems Agency
08/03/2021 Standalone XCCDF 1.1.4 - Microsoft SCOM STIG - Ver 1, Rel 1
BIND 9.x STIG (Ver 2, Rel 2) BIND 9.x
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - BIND 9.x STIG - Ver 2, Rel 2
Adobe ColdFusion (Version 2, Release 1) Adobe ColdFusion
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - Sunset - Adobe ColdFusion 11 STIG - Ver 2, Rel 1
VMWare vRealize Automation 7.x STIG (Y21M07) VMWare vRealize Automation 7.x
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - VMware vRealize Automation 7.x STIG
VMware vRealize Operations 6.x STIG (Y21M07) VMWare vRealize Operations Manager 6.x
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - VMware vRealize Ops 6.x STIG
Standalone XCCDF 1.1.4 - VMWare vRealize Operations Manager Cassandra STIG - Ver 1, Rel 1
IBM zVM Using CA VMSecure STIG (Ver 2, Rel 1) IBM zVM Using CA VMSecure
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - IBM zVM using CA VMSecure STIG - Ver 2, Rel 1
Zebra Android 10 STIG (Version 1, Release 1) Google Android 10.0
Defense Information Systems Agency
07/14/2021 Standalone XCCDF 1.1.4 - Zebra Android 10 STIG
Samsung SDS EMM v1.5.x STIG (Version 1, Release 1) Samsung SDS EMM
Defense Information Systems Agency
06/25/2021 Standalone XCCDF 1.1.4 - Samsung SDS EMM v1.5.x STIG - Ver 1, Rel 1
CIS Microsoft SQL Server 2016 Benchmark (1.3.0) Microsoft SQL Server 2016
Center for Internet Security (CIS)
05/04/2021 Prose - CIS Microsoft SQL Server 2016 Benchmark v1.3.0
* This checklist is still undergoing review for inclusion into the NCP.