U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 850 matching records. Displaying matches 281 through 300.

Name (Version) Target Authority Last Modified Resources
Microsoft Word 2010 STIG (Ver 1, Rel 12) Microsoft Word 2010
 Defense Information Systems Agency
 08/20/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Word 2010 STIG - Ver 1, Rel 12
Docker Enterprise 2.x Linux/UNIX STIG (Ver 2 Rel 2) Docker Enterprise 2.0.0
 Defense Information Systems Agency
 08/20/2024 Machine-Readable Format - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Docker Enterprise 2.x Linux/Unix - Ver 2, Rel 1
Standalone XCCDF 1.1.4 - Sunset - Docker Enterprise 2.x Linux/Unix STIG - Ver 2, Rel 2
Samsung Android 11 Knox 3.x (Ver 1, Rel 1) Google Android 11.0
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Samsung Android 11 Knox 3.x STIG
PostgreSQL 9.x STIG (Ver 2, Rel 5) PostgreSQL 9.x
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - PostgreSQL 9.x STIG - Ver 2, Rel 5
Publisher 2010 STIG (Version 1, Release 12) Microsoft Publisher 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Publisher 2010 STIG - Ver 1, Rel 12
Project 2010 STIG (Version 1, Release 10) Microsoft Project 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Project 2010 STIG - Ver 1, Rel 10
PowerPoint 2010 STIG (Version 1, Release 11) Microsoft PowerPoint 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft PowerPoint 2010 STIG - Ver 1, Rel 11
Office System 2010 STIG (Version 1, Release 13) Microsoft Office System 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Microsoft Office System 2010 STIG - Ver 1, Rel 13
Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 7) Microsoft Windows Server 2012 R2
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 7
Publisher 2013 STIG (Version 1, Release 6) Microsoft Publisher 2013
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Publisher 2013 STIG - Ver 1, Rel 6
PowerPoint 2013 STIG (Version 1, Release 7) Microsoft Power Point 2013
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft PowerPoint 2013 STIG - Ver 1, Rel 7
Infopath 2010 STIG (Version 1, Release 12) Microsoft InfoPath 2010
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft InfoPath 2010 STIG - Ver 1, Rel 12
Microsoft Android 11 STIG (Y24M07) Google Android 11.0
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Android 11 STIG
IBM MQ Appliance v9-0 STIG (V1) IBM MQ Appliance v9-0
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - IBM MQ Appliance V9-0 STIG
Google Android 12 STIG (Ver 1, Rel 1) Google Android 12
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - Sunset - Google Android 12 STIG
Microsoft SQL Server 2014 STIG (Y22M10) Microsoft SQL Server 2014
 Defense Information Systems Agency
 08/15/2024 Standalone XCCDF 1.1.4 - MS SQL Server 2014 STIG
Nutanix AOS 5.20.x STIG (Y24M07) Nutanix AOS
 Defense Information Systems Agency
 08/14/2024 Standalone XCCDF 1.1.4 - Sunset - Nutanix AOS 5.20.x STIG
VMWare Workspace ONE UEM STIG (Ver 2, Rel 1) Workspace ONE Unified Endpoint Management
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - VMware Workspace ONE UEM STIG - Ver 2, Rel 2
Microsoft Exchange Server 2013 (Y21M12) Microsoft Exchange Server 2013
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Exchange 2013 STIG
Samsung Android 12 with Knox 3.x (Y24M07) Google Android 12
 Defense Information Systems Agency
 08/13/2024 Standalone XCCDF 1.1.4 - Sunset - Samsung Android 12 KPE 3.x STIG
* This checklist is still undergoing review for inclusion into the NCP.