U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 841 matching records. Displaying matches 742 through 761.

Name (Version) Target Authority Last Modified Resources
CIS Apache Tomcat 7 Benchmark (1.1.0) Apache Tomcat
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS Apache Tomcat 7 Benchmark v1.1.0
CIS Microsoft PowerPoint 2016 Benchmark (1.0.1) Microsoft PowerPoint 2016
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS MICROSOFT POWERPOINT 2016 BENCHMARK V1.0.1
CIS Microsoft Outlook 2013 Benchmark (1.1.0) Microsoft Outlook 2013
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS Microsoft Outlook 2013 Benchmark v1.1.0
CIS Microsoft Outlook 2016 Benchmark (1.1.0) Microsoft Outlook 2016
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS Microsoft Outlook 2016 Benchmark v1.1.0
CIS Microsoft Access 2013 Benchmark (1.0.1) Access 2013
 Center for Internet Security (CIS)
 08/13/2019 Prose - CIS MICROSOFT ACCESS 2013 BENCHMARK V1.0.1
CIS Palo Alto Firewall 7 Benchmark (1.0.0) Palo Alto Networks Network Device Management (NDM)
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Palo Alto Firewall 7 Benchmark v1.0.0
CIS MongoDB Benchmark (1.0.0) MongoDB 3.2
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS MongoDB Benchmark v1.0.0
CIS Microsoft Exchange Server 2016 Benchmark (1.0.0) Microsoft Exchange Server 2016
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Microsoft Exchange Server 2016 Benchmark v1.0.0
CIS Mozilla Firefox 38 ESR Benchmark (1.0.0) Firefox 38 ESR
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Mozilla Firefox 38 ESR Benchmark 1.0.0
CIS Google Chrome 46 Benchmark (1.0.0) Google Chrome 46
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Google Chrome 46 Benchmark v.1.0.0
CIS Palo Alto Firewall 6 Benchmark (1.0.0) Palo Alto Networks Network Device Management (NDM)
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Palo Alto Firewall 6 Benchmark v1.0.0
CIS Docker 1.11.0 Benchmark (1.0.0) Docker 1.11.0
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Docker 1.11.0 Benchmark v1.0.0
CIS SUSE Linux Enterprise Server 11 Benchmark (1.0.0) SuSE Linux Enterprise Server 11
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS SUSE Linux Enterprise Server 11 Benchmark v1.0.0
CIS Mozilla Firefox 24 ESR Benchmark (1.0.0) Mozilla Firefox ESR 24.0
Mozilla Firefox ESR 24.1
Mozilla Firefox ESR 24.2
Mozilla Firefox ESR 24.3
Mozilla Firefox ESR 24.4
Mozilla Firefox ESR 24.5
Mozilla Firefox ESR 24.6
Mozilla Firefox ESR 24.7
 Center for Internet Security (CIS)
 07/26/2019 Prose - CIS Mozilla Firefox 24 ESR Benchmark v1.0.0
SEL-2740S STIG (Ver 1 Rel 1) SEL Inc SEL-2740S
 Defense Information Systems Agency
 07/15/2019 Standalone XCCDF 1.1.4 - SEL-2740S STIG Ver 1 Rel 1
IBM WebSphere Traditional V9.x STIG (1.0) IBM WebSphere Application Server traditional V9
 Defense Information Systems Agency
 07/12/2019 Standalone XCCDF 1.1.4 - IBM WebSphere Traditional V9.x STIG Version 1
MobileIron Core v10.x MDM STIG (Ver 1 Rel 1) MobileIron Core 10.0
 Defense Information Systems Agency
 07/10/2019 Standalone XCCDF 1.1.4 - MobileIron Core v10.x MDM STIG Ver 1 Rel 1
.NET Framework Security Checklist (Version 1, Release 3) Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
 Defense Information Systems Agency
 06/07/2019 Prose - Microsoft .Net Framework Security Checklist - Ver 1, Rel 3
IBM DataPower STIG (Ver 1, Rel 2) IBM DataPower
 Defense Information Systems Agency
 06/06/2019 Standalone XCCDF 1.1.4 - IBM DataPower STIG ALG STIG Ver 1
Standalone XCCDF 1.1.4 - IBM DataPower NDM STIG - Ver 1, Rel 2
Akamai KSD Service IL2 STIG (Version 1) Akamai Kona Site Defender Service Impact Level 2
 Defense Information Systems Agency
 06/05/2019 Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 ALG STIG Version 1
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 NDM STIG Version 1
* This checklist is still undergoing review for inclusion into the NCP.