U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 825 matching records. Displaying matches 181 through 200.

Name (Version) Target Authority Last Modified Resources
PowerPoint 2010 STIG (Version 1, Release 11) Microsoft PowerPoint 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft PowerPoint 2010 STIG - Ver 1, Rel 11
Office System 2010 STIG (Version 1, Release 13) Microsoft Office System 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Microsoft Office System 2010 STIG - Ver 1, Rel 13
Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 7) Microsoft Windows Server 2012 R2
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 7
Publisher 2013 STIG (Version 1, Release 6) Microsoft Publisher 2013
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Publisher 2013 STIG - Ver 1, Rel 6
PowerPoint 2013 STIG (Version 1, Release 7) Microsoft Power Point 2013
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft PowerPoint 2013 STIG - Ver 1, Rel 7
Infopath 2010 STIG (Version 1, Release 12) Microsoft InfoPath 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft InfoPath 2010 STIG - Ver 1, Rel 12
Microsoft Android 11 STIG (Y24M07) Google Android 11.0
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Android 11 STIG
IBM MQ Appliance v9-0 STIG (V1) IBM MQ Appliance v9-0
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - IBM MQ Appliance V9-0 STIG
Google Android 12 STIG (Ver 1, Rel 1) Google Android 12
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Google Android 12 STIG
Microsoft SQL Server 2014 STIG (Y22M10) Microsoft SQL Server 2014
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - MS SQL Server 2014 STIG
Nutanix AOS 5.20.x STIG (Y24M07) Nutanix AOS
 Defense Information Systems Agency
 08/14/2024 Standalone XCCDF 1.1.4 - Sunset - Nutanix AOS 5.20.x STIG
VMWare Workspace ONE UEM STIG (Ver 2, Rel 1) Workspace ONE Unified Endpoint Management
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - VMware Workspace ONE UEM STIG - Ver 2, Rel 2
Microsoft Exchange Server 2013 (Y21M12) Microsoft Exchange Server 2013
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Exchange 2013 STIG
Samsung Android 12 with Knox 3.x (Y24M07) Google Android 12
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Samsung Android 12 KPE 3.x STIG
Apple OS/iPad OS 15 STIG (Ver 1, Rel 4) Apple OS/iPad OS 15
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Apple iOS/iPadOS 15 - Ver 1, Rel 4
Riverbed SteelHead CX v8 STIG (Y24M07) Riverbed SteelHead CX v8 ALG
Riverbed SteelHead CX v8 NDM
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Riverbed Steelhead CX v8 STIG
HPE Nimble Storage Array STIG (Ver 2, Rel 1) HPE Nimble Storage Array
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - HPE Nimble Storage Array STIG
MongoDB 3.x STIG (Ver 2, Rel 3) MongoDB 3.2
MongoDB 3.4
 Defense Information Systems Agency
 08/12/2024 Standalone XCCDF 1.1.4 - Sunset - MongoDB 3.x STIG - Ver 2, Rel 3
MongoDB 4.x STIG (Ver 1, Rel 4) MongoDB 4.0
 Defense Information Systems Agency
 08/12/2024 Standalone XCCDF 1.1.4 - Sunset - MongoDB 4.x STIG - Ver 1, Rel 4
Tanium 7.x on TanOS STIG (Y24M07) Tanium 7.x
 Defense Information Systems Agency
 08/09/2024 Standalone XCCDF 1.1.4 - Tanium 7.x TanOS STIG
* This checklist is still undergoing review for inclusion into the NCP.