U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 818 matching records. Displaying matches 723 through 742.

Name (Version) Target Authority Last Modified Resources
CIS Palo Alto Firewall 6 Benchmark (1.0.0) Palo Alto Networks Network Device Management (NDM)
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Palo Alto Firewall 6 Benchmark v1.0.0
CIS Docker 1.11.0 Benchmark (1.0.0) Docker 1.11.0
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Docker 1.11.0 Benchmark v1.0.0
CIS Docker 1.13.0 Benchmark (1.0.0) Docker 1.13.0
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Docker 1.13.0 Benchmark v1.0.0
CIS Google Android 7 Benchmark (1.0.0) Google Android 7.x
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Google Android 7 Benchmark v1.0.0
CIS SUSE Linux Enterprise Server 11 Benchmark (1.0.0) SuSE Linux Enterprise Server 11
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS SUSE Linux Enterprise Server 11 Benchmark v1.0.0
CIS Mozilla Firefox 24 ESR Benchmark (1.0.0) Mozilla Firefox ESR 24.0
Mozilla Firefox ESR 24.1
Mozilla Firefox ESR 24.2
Mozilla Firefox ESR 24.3
Mozilla Firefox ESR 24.4
Mozilla Firefox ESR 24.5
Mozilla Firefox ESR 24.6
Mozilla Firefox ESR 24.7
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Mozilla Firefox 24 ESR Benchmark v1.0.0
SEL-2740S STIG (Ver 1 Rel 1) SEL Inc SEL-2740S
 Defense Information Systems Agency
 07/15/2019 Standalone XCCDF 1.1.4 - SEL-2740S STIG Ver 1 Rel 1
IBM WebSphere Traditional V9.x STIG (1.0) IBM WebSphere Application Server traditional V9
 Defense Information Systems Agency
 07/12/2019 Standalone XCCDF 1.1.4 - IBM WebSphere Traditional V9.x STIG Version 1
MobileIron Core v10.x MDM STIG (Ver 1 Rel 1) MobileIron Core 10.0
 Defense Information Systems Agency
 07/10/2019 Standalone XCCDF 1.1.4 - MobileIron Core v10.x MDM STIG Ver 1 Rel 1
.NET Framework Security Checklist (Version 1, Release 3) Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
 Defense Information Systems Agency
 06/07/2019 Prose - Microsoft .Net Framework Security Checklist - Ver 1, Rel 3
IBM DataPower STIG (Ver 1, Rel 2) IBM DataPower
 Defense Information Systems Agency
 06/06/2019 Standalone XCCDF 1.1.4 - IBM DataPower STIG ALG STIG Ver 1
Standalone XCCDF 1.1.4 - IBM DataPower NDM STIG - Ver 1, Rel 2
Apache 2.2 STIG - Windows (Version 1, Release 13) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Apache 2.2 STIG Windows - Ver 1, Rel 13
Apache 2.2 STIG - UNIX (Version 1, Release 11) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Apache 2.2 STIG UNIX - Ver 1, Rel 11
Akamai KSD Service IL2 STIG (Version 1) Akamai Kona Site Defender Service Impact Level 2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 ALG STIG Version 1
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 NDM STIG Version 1
Google Chrome v23 Windows STIG (Version 1, Release 2) Google Chrome 23.0.1271.0
 Defense Information Systems Agency
 04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
Domain Name System (DNS) STIG (Version 4, Release 1.18) Cisco Content Services Switch 11000
ISC Bind 9.3.1
ISC Bind 9.3.2
Microsoft Windows 2000
Microsoft Windows Server 2000
Microsoft Windows Server 2003
Microsoft Windows XP
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - Domain Name System (DNS) STIG, Version 4, Release 1.18
APPLE iOS 8 INTERIM SECURITY CONFIGURATION GUIDE (ISCG) (Version 1, Release 1) Apple iPhone OS 8.0
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - APPLE iOS 8 INTERIM SECURITY CONFIGURATION GUIDE (ISCG)
Apple iOS 7 STIG (Version 1 Release 2) Apple iPhone OS 7.0
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - Apple iOS 7 STIG Version 1 Release 2
SQL Server 7 Database Security Checklist (Version 8 Release 1.7) Microsoft SQL Server 7.0
 Defense Information Systems Agency
 04/15/2019 Prose - SQL Server 7 Database Security Checklist - Version 8 Release 1.7
Enterprise System Management (ESM) STIG (Version 1, Release 1) Microsoft Systems Management Server 2003
 Defense Information Systems Agency
 04/15/2019 Prose - Enterprise System Management (ESM) STIG - Version 1 Release 1
* This checklist is still undergoing review for inclusion into the NCP.