Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 588
matching records. Displaying matches 181 through 200.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| VMware vSphere 6.5 STIG (Y21M10) |
VMware vSphere 6.5
|
Defense Information Systems Agency
|
10/29/2021 |
Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - VMware vSphere 6.5 STIG
|
| Oracle 11g Database STIG (Version 9 Release 1) |
Oracle Database 11g
Oracle Database 11g 11.1
Oracle Database 11g 11.2
|
Defense Information Systems Agency
|
10/27/2021 |
Standalone XCCDF 1.1.4 - Sunset - Oracle Database 11g STIG - Version 9, Release 1
|
| McAfee VSEL 1.9/2.0 STIG (Version 1, Release 1) |
McAfee VirusScan Enterprise for Linux 1.9x
McAfee VirusScan Enterprise for Linux 2.0x
|
Defense Information Systems Agency
|
10/07/2021 |
Standalone XCCDF 1.1.4 - Sunset-McAfee VSEL 1.9/2.0 STIG
|
| CIS Cisco IOS Benchmark (v3.0.1) |
Cisco IOS
|
Center for Internet Security (CIS)
|
10/07/2021 |
Prose - CIS Cisco IOS Benchmark v3.0.1
|
| CIS Microsoft IIS 8 Benchmark (1.5.0) |
Microsoft Internet Information Services (IIS) 8.0
|
Center for Internet Security (CIS)
|
09/16/2021 |
Prose - CIS Microsoft IIS 8 Benchmark, 1.5.0
|
| CIS CISCO Firewall Benchmark (4.1.0) |
Cisco ASA 8
Cisco ASA 9
|
Center for Internet Security (CIS)
|
09/16/2021 |
Security Template - CIS CISCO Firewall Benchmark
|
| VMware ESX 3 Server STIG (Ver 1, Rel 2) |
VMware ESX Server 3.0.0
|
Defense Information Systems Agency
|
08/30/2021 |
Standalone XCCDF 1.1.4 - Sunset - VMWare ESX 3 Policy STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Server STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Virtual Center STIG - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware ESX 3 Virtual Machine STIG - Ver 1, Rel 2
|
| NIST National Checklist for Red Hat Enterprise Linux 8.x (content v0.1.50) |
Red Hat Enterprise Linux 8.0
Red Hat Enterprise Linux 8.1
Red Hat Enterprise Linux 8.2
|
Red Hat
|
08/18/2021 |
SCAP 1.3 Content - NIST National Checklist for Red Hat Enterprise Linux 8.x
Ansible Playbook - FBI Criminal Justice Information Services (FBI CJIS)
Ansible Playbook - NIST 800-171 (Controlled Unclassified Information)
Ansible Playbook - Health Insurance Portability and Accountability Act (HIPAA)
Ansible Playbook - NIST National Checklist for RHEL 8.x
Ansible Playbook - PCI-DSS
|
| NIST National Checklist for Red Hat Enterprise Linux 7.x (content v0.1.50) |
Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
Red Hat Enterprise Linux 7.4
Red Hat Enterprise Linux 7.5
Red Hat Enterprise Linux 7.6
Red Hat Enterprise Linux 7.7
|
Red Hat
|
08/18/2021 |
SCAP 1.3 Content - NIST National Checklist for Red Hat Enterprise Linux 7.x, SCAP 1.3
Ansible Playbook - CIA Commercial Cloud Services (CIA C2S)
Ansible Playbook - FBI Criminal Justice Information Services (FBI CJIS)
Ansible Playbook - NIST 800-171 (Controlled Unclassified Information)
Ansible Playbook - Health Insurance Portability and Accountability Act (HIPAA)
Ansible Playbook - NIST National Checklist for Red Hat Enterprise Linux 7.x
Ansible Playbook - PCI-DSS
Ansible Playbook - DoD STIG
|
| Splunk Enterprise 7.x for Windows STIG (Ver 2, Rel 3) |
Splunk Enterprise 7.0
|
Defense Information Systems Agency
|
08/10/2021 |
Standalone XCCDF 1.1.4 - Splunk Enterprise 7.x for Windows STIG - Ver 2, Rel 3
|
| CIS Oracle MySQL Enterprise Edition 8.0 Benchmark (v1.1.0) |
Oracle MySQL Enterprise Edition 8.0
|
Center for Internet Security (CIS)
|
08/05/2021 |
Prose - CIS Oracle MySQL Enterprise Edition 8.0 Benchmark v1.1.0
|
| Microsoft SCOM STIG (Ver 1, Rel 1) |
Microsoft SCOM
|
Defense Information Systems Agency
|
08/03/2021 |
Standalone XCCDF 1.1.4 - Microsoft SCOM STIG - Ver 1, Rel 1
|
| BIND 9.x STIG (Ver 2, Rel 2) |
BIND 9.x
|
Defense Information Systems Agency
|
07/29/2021 |
Standalone XCCDF 1.1.4 - BIND 9.x STIG - Ver 2, Rel 2
|
| Adobe ColdFusion (Version 2, Release 1) |
Adobe ColdFusion
|
Defense Information Systems Agency
|
07/28/2021 |
Standalone XCCDF 1.1.4 - Sunset - Adobe ColdFusion 11 STIG - Ver 2, Rel 1
|
| VMWare vRealize Automation 7.x STIG (Y21M07) |
VMWare vRealize Automation 7.x
|
Defense Information Systems Agency
|
07/28/2021 |
Standalone XCCDF 1.1.4 - VMware vRealize Automation 7.x STIG
|
| VMware vRealize Operations 6.x STIG (Y21M07) |
VMWare vRealize Operations Manager 6.x
|
Defense Information Systems Agency
|
07/28/2021 |
Standalone XCCDF 1.1.4 - VMware vRealize Ops 6.x STIG
Standalone XCCDF 1.1.4 - VMWare vRealize Operations Manager Cassandra STIG - Ver 1, Rel 1
|
| IBM zVM Using CA VMSecure STIG (Ver 2, Rel 1) |
IBM zVM Using CA VMSecure
|
Defense Information Systems Agency
|
07/28/2021 |
Standalone XCCDF 1.1.4 - IBM zVM using CA VMSecure STIG - Ver 2, Rel 1
|
| Zebra Android 10 STIG (Version 1, Release 1) |
Google Android 10.0
|
Defense Information Systems Agency
|
07/14/2021 |
Standalone XCCDF 1.1.4 - Zebra Android 10 STIG
|
| Samsung SDS EMM v1.5.x STIG (Version 1, Release 1) |
Samsung SDS EMM
|
Defense Information Systems Agency
|
06/25/2021 |
Standalone XCCDF 1.1.4 - Samsung SDS EMM v1.5.x STIG - Ver 1, Rel 1
|
| CIS Microsoft SQL Server 2016 Benchmark (1.3.0) |
Microsoft SQL Server 2016
|
Center for Internet Security (CIS)
|
05/04/2021 |
Prose - CIS Microsoft SQL Server 2016 Benchmark v1.3.0
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
