U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 786 matching records. Displaying matches 441 through 460.

Name (Version) Target Authority Last Modified Resources
Microsoft Windows 2012 Server DNS STIG (Ver 2, Rel 5) Microsoft Windows Server 2012 R2
 Defense Information Systems Agency
 05/29/2022 Standalone XCCDF 1.1.4 - Microsoft Windows 2012 Server Domain Name System STIG - Ver 2, Rel 5
Cisco IOS XE Release 3 Router STIG (Version 1 Release 3) Cisco IOS XE
 Defense Information Systems Agency
 04/29/2022 Standalone XCCDF 1.1.4 - Sunset - Cisco IOS XE Release 3 NDM STIG - Ver 1, Rel 5
Standalone XCCDF 1.1.4 - Sunset - Cisco IOS XE Release 3 RTR STIG - Ver 1, Rel 3
Sharepoint 2013 (Version 2, Release 3) Microsoft Sharepoint Server 2013
 Defense Information Systems Agency
 04/28/2022 Standalone XCCDF 1.1.4 - Microsoft SharePoint 2013 STIG - Ver 2, Rel 3
CIS Oracle MySQL Enterprise Edition 5.7 Benchmark (v2.0.0) Oracle MySQL Enterprise Edition 5.7
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Oracle MySQL Enterprise Edition 5.7 Benchmark v2.0.0
CIS Oracle MySQL Enterprise Edition 5.6 Benchmark (2.0.0) Oracle MySQL Enterprise Edition 5.6
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Oracle MySQL Enterprise Edition 5.6 Benchmark v2.0.0
CIS Oracle MySQL Community Server 5.6 Benchmark (2.0.0) MySQL 5.6
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS ORACLE MYSQL COMMUNITY SERVER 5.6 BENCHMARK V2.0.0
CIS Oracle MySQL Community Server 5.7 Benchmark (2.0.0) Oracle MySQL Community Server 5.7
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Oracle MySQL Community Server 5.7 Benchmark v2.0.0
CIS Palo Alto Firewall 8 Benchmark (1.0.0) Palo Alto Networks Network Device Management (NDM)
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS Palo Alto Firewall 8 Benchmark, 1.0.0
CIS ISC BIND DNS Server 9.9 Benchmark (3.0.1) ISC BIND 9.9
 Center for Internet Security (CIS)
 04/27/2022 Prose - CIS ISC BIND DNS Server 9.9 Benchmark v3.0.1
Apple OS X 10.14 (Mojave) STIG (Ver 2, Rel 6) Apple OS X 10.14
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Sunset - Apple macOS 10.14 STIG - Ver 2, Rel 6
Apple OS X 10.13 STIG (Ver 2, Rel 5) Apple macOS 10.13
 Defense Information Systems Agency
 04/25/2022 Standalone XCCDF 1.1.4 - Sunset - Apple macOS 10.13 STIG - Ver 2, Rel 5
Catalina Guidance (Revision 6) Apple OS X 10.15
 NIST, macOS Security Compliance Project
 03/18/2022 SCAP 1.3 Content - Catalina Guidance
CIS Apache HTTP Server 2.2 Benchmark (3.6.0) Apache HTTP Server 2.2
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS Apache HTTP Server 2.2 Benchmark v3.6.0
CIS Apple iOS 10 Benchmark (2.0.0) Apple iOS 10
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS Apple iOS 10 Benchmark v2.0.0
CIS PostgreSQL 11 Benchmark (1.0.0) PostgreSQL 11
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS PostgreSQL 12 Benchmark v1.0.0
CIS MongoDB 3.2 Benchmark (1.0.0) MongoDB 3.2
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS MongoDB 3.2 Benchmark v1.0.0
CIS MongoDB 3.4 Benchmark (1.0.0) MongoDB 3.4
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS MongoDB 3.4 Benchmark v1.0.0
CIS Oracle Database 12c Benchmark (3.0.0) Oracle Database 12c
Oracle Database 12c Release 2
 Center for Internet Security (CIS)
 02/11/2022 Prose - CIS Oracle Database Server 12c Benchmark v3.0.0
Tanium 7.3 STIG (Ver 2, Rel 2) Tanium 7.3
 Defense Information Systems Agency
 01/26/2022 Standalone XCCDF 1.1.4 - Tanium 7.3 STIG - Ver 2, Rel 2
HPE 3PAR StoreServ 3.2.x STIG (version 2, release 1) HPE 3PAR StoreServ 3.2.x
 Defense Information Systems Agency
 01/26/2022 Standalone XCCDF 1.1.4 - HPE 3PAR StoreServ 3.2.x STIG - Ver 2, Rel 1
* This checklist is still undergoing review for inclusion into the NCP.