U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 832 matching records. Displaying matches 61 through 80.

Name (Version) Target Authority Last Modified Resources
Tanium 7.x STIG (Ver 2, Rel 2) Tanium 7.x
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Tanium 7.x STIG - Ver 2, Rel 2
Oracle Linux 7 STIG (Ver 3, Rel 2) Oracle Linux 7
Defense Information Systems Agency
04/09/2025 SCAP 1.3 Content - Oracle Linux 7 STIG Benchmark - Ver 3, Rel 1
Standalone XCCDF 1.1.4 - Oracle Linux 7 STIG - Ver 3, Rel 2
IBM zSecure Suite STIG (Version 1, Release 3) IBM zSecure Suite
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - IBM zSecure Suite STIG - Ver 1, Rel 3
Arista MLS EOS 4.x STIG (Y25M04) Arista Multi-Layer Switch Extensible Operating System (MLS EOS) 4.2
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Arista MLS EOS 4.X STIG
Splunk Enterprise 8.x for Linux (Ver 2, Rel 2) Splunk Enterprise 8.0.0
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Splunk Enterprise 8.x for Linux STIG - Ver 2, Rel 2
Red Hat Jboss Enterprise Application Platform (EAP) 6.3 STIG (Ver 2, Rel 6) Red Hat JBoss Enterprise Application Platform 6.3.0
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - JBoss Enterprise Application Platform 6.3 STIG - Ver 2, Rel 6
Tanium 7.0 STIG (Ver 2, Rel 1) Tanium 7.0
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Sunset - Tanium 7.0 STIG - Ver 2, Rel 1
Oracle Linux 8 STIG (Ver 2, Rel 4) Oracle Linux 8.0
Defense Information Systems Agency
04/09/2025 SCAP 1.3 Content - Oracle Linux 8 STIG SCAP Benchmark - Ver 2, Rel 4
SCAP 1.2 Content - Sunset - Oracle Linux 8 STIG Benchmark - Ver 1, Rel 8
Automated Content - SCC 5.10.2 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64
Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 Aarch64
Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 x86 64
Automated Content - SCC 5.10.2 RHEL 9/Oracle Linux 9 x86 64
Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG - Ver 2, Rel 4
Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG for Ansible - Ver 2, Rel 4
Infoblox 8.x Domain Name System (DNS) STIG (Version 1, Release 2) Infoblox 8.x Domain Name System (DNS)
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Infoblox 8.x DNS STIG - Ver 1, Rel 2
Oracle 12c Database STIG (Ver 3, Rel 4) Oracle Database 12c
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Oracle Database 12c STIG - Ver 3, Rel 4
Kubernetes STIG (Ver 2, Rel 3) Kubernetes
Defense Information Systems Agency
04/09/2025 SCAP 1.3 Content - Kubernetes STIG SCAP Benchmark - Ver 2, Rel 3
SCAP 1.2 Content - Sunset - Kubernetes STIG Benchmark - Ver 1, Rel 3
Standalone XCCDF 1.1.4 - Kubernetes STIG - Ver 2, Rel 3
z/OS RACF STIG (Y25M04) IBM z/OS
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - IBM z/OS STIG
Standalone XCCDF 1.1.4 - z/OS RACF Products
Standalone XCCDF 1.1.4 - z/OS SRR Scripts
z/OS ACF2 STIG (Y25M04) IBM z/OS
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - IBM z/OS STIG
Standalone XCCDF 1.1.4 - z/OS ACF2 Products
VMware vSphere 8.0 STIG (Y25M04) VMware vSphere 8.0
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - VMware vSphere 8.0 STIG
Tanium 7.x on TanOS STIG (Y25M04) Tanium 7.x
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Tanium 7.x TanOS STIG
VMware vSphere 7.0 STIG (Y25M04) VMware vSphere 7.0
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - VMware vSphere 7.0 STIG
Palo Alto Networks Network Device Management (NDM) STIG (Y25M04) Palo Alto Networks Network Device Management (NDM)
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Microsoft SQL Server 2016 (Y25M04) Microsoft SQL Server 2016
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - Microsoft SQL Server 2016 STIG
IBM WebSphere Liberty Server STIG (Ver 2, Rel 2) IBM WebSphere Liberty Server
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - IBM WebSphere Liberty Server STIG - Ver 2, Rel 2
z/OS TSS STIG (Y25M04) IBM z/OS
Defense Information Systems Agency
04/09/2025 Standalone XCCDF 1.1.4 - IBM z/OS STIG
Standalone XCCDF 1.1.4 - z/OS TSS Products STIG
Standalone XCCDF 1.1.4 - z/OS SRR Scripts
* This checklist is still undergoing review for inclusion into the NCP.