Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 868
matching records. Displaying matches 61 through 80.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Cisco IOS XE Switch STIG (Y26M01) |
Cisco IOS XE
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Cisco IOS XE Switch STIG
|
| Cisco IOS XR Router STIG (Y26M01) |
Cisco IOS XR
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Cisco IOS XR Router STIG
|
| Cisco ISE STIG (Y26M01) |
Cisco Identity Services Engine
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Cisco ISE STIG
|
| Cisco NX OS Switch STIG (Y26M01) |
Cisco NX-OS
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Cisco NX OS Switch STIG
|
| Samsung Android 14 with Knox 3.x STIG (Y25M10) |
Google Android 14
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Samsung Android OS 14 with Knox 3.x STIG
|
| Trellix Application Control 8.x STIG (Ver 3, Rel 2) |
Trellix Application and Change Control
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Trellix Application Control 8.x STIG - Ver 3, Rel 2
|
| Tanium 7.x STIG (Ver 2, Rel 3) |
Tanium 7.x
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Tanium 7.x STIG - Ver 2, Rel 3
|
| Microsoft Office 365 ProPlus STIG (Ver 3, Rel 7) |
Microsoft Office 365 ProPlus
|
Defense Information Systems Agency
|
01/22/2026 |
SCAP 1.3 Content - Microsoft Office 365 ProPlus STIG SCAP Benchmark - Ver 3, Rel 7
Automated Content - SCC 5.12.1 Windows
GPOs - Group Policy Objects (GPOs) - January 2026
Intune Policies - Intune Policy - January 2026
Standalone XCCDF 1.1.4 - Microsoft Office 365 ProPlus STIG - Ver 3, Rel 4
|
| Microsoft Windows Server 2016 STIG (Version 2, Release 10) |
Microsoft Windows Server 2016
|
Defense Information Systems Agency
|
01/22/2026 |
SCAP 1.3 Content - Sunset - Microsoft Windows Server 2016 STIG Benchmark - Ver 2, Rel 8
Automated Content - SCC 5.12.1 Windows
Standalone XCCDF 1.1.4 - Sunset - Microsoft Windows Server 2016 STIG for Chef - Ver 1, Rel 3
Standalone XCCDF 1.1.4 - Microsoft Windows Server 2016 STIG for PowerShell DSC - Ver 1, Rel 3
Standalone XCCDF 1.1.4 - Sunset - Microsoft Windows Server 2016 STIG - Ver 2, Rel 10
|
| Microsoft One Drive for Business 2016 STIG (Version 2, Release 4) |
Microsoft One Drive for Business 2016
|
Defense Information Systems Agency
|
01/22/2026 |
Automated Content - SCC 5.12.1 Windows
|
| Apple macOS 15 (Sequoia) STIG (Ver 1, Rel 6) |
Apple MacOS 15.0
|
Defense Information Systems Agency
|
01/22/2026 |
Automated Content - SCC 5.12.1 MacOS ARM64
Standalone XCCDF 1.1.4 - Apple macOS 15 (Sequoia) STIG - Ver 1, Rel 6
|
| Ivanti Sentry 9.x STIG (Y24M10) |
Ivanti MobileIron Sentry 9.x
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Ivanti Sentry 9.x STIG
|
| Active Directory Domain STIG (Ver 3, Rel 6) |
Microsoft Active Directory
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 3, Rel 6
|
| Amazon Linux 2023 (Ver 1, Rel 2) |
Amazon Linux
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Amazon Linux 2023 STIG - Ver 1, Rel 2
|
| Google Android 13 STIG (Y25M10) |
Google Android 13
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Sunset - Google Android 13 STIG
|
| Axonius Federal Systems Ax-OS STIG (Ver 1, Rel 2) |
Axonius Federal Systems Ax-OS
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Axonius Federal Systems Ax-OS STIG - Ver 1, Rel 2
|
| Canonical Ubuntu 22.04 LTS STIG (Ver 2, Rel 6) |
Canonical Ubuntu 22.04 LTS
|
Defense Information Systems Agency
|
01/22/2026 |
SCAP 1.3 Content - Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark - Ver 2, Rel 5
Automated Content - SCC 5.12.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.12.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.12.1 Ubuntu 22/24 AMD64
Automated Content - SCC 5.12.1 Ubuntu 22/24 ARM64
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG - Ver 2, Rel 7
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG for Ansible - Ver 2, Rel 7
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG for Chef - Ver 2, Rel 7
|
| Apple iOS/iPadOS 18 STIG (Ver 2, Rel 2) |
Apple iPadOS 18.0
Apple iPhone OS 18.0
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 18 - Ver 2, Rel 2
|
| MariaDB Enterprise 10.x STIG (Ver 2, Rel 4) |
MariaDB Enterprise Server 10.x
|
Defense Information Systems Agency
|
01/22/2026 |
Standalone XCCDF 1.1.4 - MariaDB Enterprise 10.x STIG - Ver 2, Rel 4
|
| Apple macOS (Sonoma) 14 STIG (Ver 2, Rel 4) |
Apple macOS 14.0
|
Defense Information Systems Agency
|
01/22/2026 |
Automated Content - SCC 5.12.1 MacOS ARM64
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
