Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 558 matching records. Displaying matches 61 through 80.

Name (Version) Target Authority Last Modified Resources
Microsoft Exchange Server 2016 STIG (Version 2, Release 1) Microsoft Exchange Server 2016
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Microsoft Exchange 2016 STIG
BIND 9.x STIG (Ver 2, Rel 2) BIND 9.x
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - BIND 9.x STIG - Ver 2, Rel 2
Apache Server 2.4 UNIX STIG (Y21M01) Apache HTTP Server 2.4.0
Defense Information Systems Agency
07/29/2021 Standalone XCCDF 1.1.4 - Apache Server 2.4 UNIX STIG
Adobe ColdFusion (Version 2, Release 1) Adobe ColdFusion
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - Sunset - Adobe ColdFusion 11 STIG - Ver 2, Rel 1
VMWare vRealize Automation 7.x STIG (Y21M07) VMWare vRealize Automation 7.x
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - VMware vRealize Automation 7.x STIG
Suse Linux Enterprise Server (SLES) 15 STIG (Version 1, Release 3) SUSE Enterprise Linux 15
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server (SLES) 15 STIG - Ver 1, Rel 3
VMware vSphere 6.5 STIG (Y21M07) VMware vSphere 6.5
Defense Information Systems Agency
07/28/2021 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - VMware vSphere 6.5 STIG
Red Hat 8 STIG (Ver 1, Rel 3) Red Hat Enterprise Linux 8.0
Defense Information Systems Agency
07/28/2021 SCAP 1.2 Content - RHEL 8 STIG Benchmark - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG - Ver 1, Rel 3
Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG for Ansible - Ver 1, Rel 3
Oracle Linux 6 STIG (Version 2, Release 4) Oracle Linux 6
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - Oracle Linux 6 STIG - Ver 2, Rel 4
VMware vRealize Operations 6.x STIG (Y21M07) VMWare vRealize Operations Manager 6.x
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - VMware vRealize Ops 6.x STIG
Standalone XCCDF 1.1.4 - VMWare vRealize Operations Manager Cassandra STIG - Ver 1, Rel 1
IBM zVM Using CA VMSecure STIG (Ver 2, Rel 1) IBM zVM Using CA VMSecure
Defense Information Systems Agency
07/28/2021 Standalone XCCDF 1.1.4 - IBM zVM using CA VMSecure STIG - Ver 2, Rel 1
Catalina Guidance (Revision 4) Apple OS X 10.15
NIST, macOS Security Compliance Project
07/28/2021 SCAP 1.3 Content - Catalina Guidance
Big Sur Guidance (Revision 3) Apple macOS 11.0 (Big Sur)
NIST, macOS Security Compliance Project
07/28/2021 SCAP 1.3 Content - Big Sur Guidance
Zebra Android 10 STIG (Version 1, Release 1) Google Android 10.0
Defense Information Systems Agency
07/14/2021 Standalone XCCDF 1.1.4 - Zebra Android 10 STIG
Oracle 11g Database STIG (Version 8 Release 20) Oracle Database 11g
Oracle Database 11g 11.1
Oracle Database 11g 11.2
Defense Information Systems Agency
07/02/2021 Prose - Oracle 11g Database STIG - Ver 8, Rel 20
Samsung SDS EMM v1.5.x STIG (Version 1, Release 1) Samsung SDS EMM
Defense Information Systems Agency
06/25/2021 Standalone XCCDF 1.1.4 - Samsung SDS EMM v1.5.x STIG - Ver 1, Rel 1
Samsung SDS EMM STIG (Ver 1, Rel 2) Samsung SDS EMM
Defense Information Systems Agency
06/25/2021 Standalone XCCDF 1.1.4 - Samsung SDS EMM STIG - Ver 1, Rel 2
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.48-8.2) IBM z/OS Version 2, Release 3
IBM z/OS Version 2, Release 4
Vanguard Integrity Professionals, Inc.
06/22/2021 ZIP - Vanguard z/OS RACF Checklist 6.48/8.2 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.47/8.1 XML version
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.49-8.3) IBM z/OS Version 2, Release 3
IBM z/OS Version 2, Release 4
Vanguard Integrity Professionals, Inc.
06/22/2021 ZIP - Vanguard z/OS RACF Checklist 6.49/8.3 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.49/8.3 XML version
VMware vSphere 6.7 STIG (Ver 1, Rel 1) VMware vSphere 6.7
Defense Information Systems Agency
06/14/2021 Standalone XCCDF 1.1.4 - VMware vSphere 6.7 STIG
* This checklist is still undergoing review for inclusion into the NCP.