U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 807 matching records. Displaying matches 797 through 807.

Name (Version) Target Authority Last Modified Resources
Vanguard DB2 z/OS RACF Checklist (6.1) IBM DB2 8.1
IBM OS390
IBM RACF
IBM Z/OS Version 1, Release 9
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM z/OS Version 2, Release 1
IBM z/OS Version 2.1
Vanguard Integrity Professionals, Inc.
09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
Samsung Knox Android 1.0 STIG (Version 2 Release 2) Samsung Knox Android 1.0
Defense Information Systems Agency
08/16/2017 Standalone XCCDF 1.1.4 - Samsung Knox Android 1.0 STIG Version 2 Release 2
Macintosh Operating System X 10.5 (Version 1, Release 2) Apple Mac OS X 10.5
Defense Information Systems Agency
08/15/2017 Standalone XCCDF 1.1.4 - Mac OS X 10.5 STIG, Version 1, Release 2
BlackBerry PlayBook OS v2.1 STIG (Version 1, Release 2) Research in Motion BlackBerry PlayBook OS 2.1
Defense Information Systems Agency
08/15/2017 Standalone XCCDF 1.1.4 - BlackBerry PlayBook OS v2.1 STIG Version 1, Release 2
Java Runtime Environment (JRE) 7 (Version 1, Release 5) Oracle Java Runtime Environment (JRE) 1.7.0
Defense Information Systems Agency
08/15/2017 Standalone XCCDF 1.1.4 - Java Runtime Environment (JRE) 7 - Version 1, Release 5
Java Runtime Environment (JRE) 6 (Version 1, Release 5) Sun JRE 1.6.0
Defense Information Systems Agency
08/15/2017 Standalone XCCDF 1.1.4 - Java Runtime Environment (JRE) 6, Version 1, Release 5
NIST SP 800-68 (R1.2.0) Microsoft Windows XP
NIST National Vulnerability Database
06/01/2017 Prose - NIST Prose Guidance for Windows XP.
Prose - This FDCC resource has been deprecated by USGCB content.
APT-Suspicious file names and file locations (v0.4) Microsoft Windows 7
Microsoft Windows XP
CyberESI
05/06/2017 SCAP 1.2 Content - APT - Suspicious file names and file locations
NIST SP 800-43 (Update R1.2.3) Microsoft Windows 2000
NIST, Computer Security Division
09/12/2014 Security Template - The security template for the checklist entitled NIST 800-43.
Standalone XCCDF 1.1.4 - The XCCDF representation of the checklist entitled NIST SP 800-43.
Prose - The landing page for the NIST SP 800-43 checklist.
Suspicious file names and file locations (v0.3) Microsoft Windows XP
CyberESI
06/07/2011 SCAP 1.1 Content - Suspicious file names and file locations
HP LaserJet 4345 MFP Security Checklist (Version 1) HP LaserJet 4345 MFP
HP
07/23/2009 Prose - HP LaserJet 4345 MFP Security Checklist
* This checklist is still undergoing review for inclusion into the NCP.