U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 612 matching records. Displaying matches 81 through 100.

Name (Version) Target Authority Last Modified Resources
Microsoft .NET Framework 4 (Version 2, Release 2) Microsoft .NET Framework 4.0
Defense Information Systems Agency
03/09/2023 SCAP 1.2 Content - Microsoft .NET Framework 4 STIG Benchmark - Ver 2, Rel 2
Automated Content - SCC 5.7.1 Windows
Standalone XCCDF 1.1.4 - Microsoft .Net Framework 4.0 STIG - Ver 2, Rel 2
Solaris 10 (SPARC and x86) Manual STIG (Version 2, Release 4) Oracle Solaris 10.0
Defense Information Systems Agency
03/09/2023 SCAP 1.2 Content - Sunset - Solaris 10 SPARC STIG Benchmark - Ver 2, Rel 4
SCAP 1.2 Content - Sunset - Solaris 10 X86 STIG Benchmark - Ver 2, Rel 4
Automated Content - SCC 5.7.1 Solaris 10 i386
Automated Content - SCC 5.7.1 Solaris 10 SPARC
Automated Content - SCC 5.7.1 Solaris 11 i386
Automated Content - SCC 5.7.1 Solaris 11 SPARC
Standalone XCCDF 1.1.4 - Sunset - Solaris 10 SPARC STIG - Ver 2, Rel 4
Standalone XCCDF 1.1.4 - Sunset - Solaris 10 x86 STIG - Ver 2, Rel 4
CIS BIND Benchmark (v2.0.0) ISC Bind 9.2.4
ISC Bind 9.3.1
Center for Internet Security (CIS)
02/27/2023 Prose - CIS BIND Benchmark v2.0.0
Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.54-88) IBM z/OS Version 2, Release 3
IBM z/OS Version 2, Release 4
IBM z/OS Version 2, Release 5
Vanguard Integrity Professionals, Inc.
02/06/2023 ZIP - anguard z/OS RACF Checklist 6.54/8.7 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.54/8.7 XML version
Samsung Android 13 with Knox 3.x STIG (Y23M01) Google Android 13
Defense Information Systems Agency
01/31/2023 Standalone XCCDF 1.1.4 - Samsung Android 13 with Knox 3.x STIG
Oracle Linux 6 STIG (Version 2, Release 7) Oracle Linux 6
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - Sunset - Oracle Linux 6 STIG - Ver 2, Rel 7
Google Android 10.x STIG (Ver 2, Rel 1) Google Android 10.0
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - Sunset - Google Android 10 STIG - Ver 2, Rel 1
NetApp ONTAP DSC 9.X STIG (Ver 1, Rel 3) NetApp ONTAP DSC 9.x
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - NetApp ONTAP DSC 9.x STIG - Ver 1, Rel 3
Oracle HTTP Server 12.1.3 STIG (Version 2, Release 2) Oracle HTTP Server 12.1.3 STIG, Version 1, Release 1
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - Oracle HTTP Server 12.1.3 STIG - Ver 2, Rel 2
Apache Server 2.4 UNIX STIG (Y23M01) Apache HTTP Server 2.4.0
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - Apache Server 2.4 UNIX STIG
Apache Server 2.4 Windows STIG (Y23M01) Apache HTTP Server 2.4.0
Defense Information Systems Agency
01/17/2023 Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
Microsoft Azure SQL Database STIG (Ver 1, Rel 1) Microsoft Azure
Defense Information Systems Agency
01/05/2023 Standalone XCCDF 1.1.4 - Microsoft Azure SQL Database STIG - Ver 1, Rel 1
Tanium 7.x on TanOS STIG (Ver 1, Rel 1) Tanium 7.x
Defense Information Systems Agency
01/05/2023 Standalone XCCDF 1.1.4 - Tanium 7.x on TanOS STIG - Ver 1, Rel 1
Oracle MySQL 8.0 STIG (Ver 1, Rel 3) Oracle MySQL 8.0
Defense Information Systems Agency
12/21/2022 Standalone XCCDF 1.1.4 - Oracle MySQL 8.0 STIG - Ver 1, Rel 3
Microsoft Android 11 STIG (Version 1, Release 1) Google Android 11.0
Defense Information Systems Agency
12/20/2022 Standalone XCCDF 1.1.4 - Microsoft Android 11 STIG
Google Android 13 STIG (Ver 1, Rel 1) Google Android 13
Defense Information Systems Agency
12/17/2022 Standalone XCCDF 1.1.4 - Google Android 13 STIG - Ver 1, Rel 1
HPE 3PAR StoreServ OS STIG (Ver 1, Rel 1) HPE 3PAR StoreServ 3.2.x
Defense Information Systems Agency
12/17/2022 Standalone XCCDF 1.1.4 - HPE 3PAR StoreServ OS STIG - Ver 1, Rel 1
Ventura Guidance (Revision 1.1) Apple macOS 13.0 (Ventura)
NIST, macOS Security Compliance Project
12/10/2022 SCAP 1.3 Content - Ventura Guidance, Revision 1.1
Monterey Guidance (Revision 3.1) Apple macOS 12.0 (Monterey)
NIST, macOS Security Compliance Project
12/10/2022 SCAP 1.3 Content - Monterey Guidance Revision 3.1
Big Sur Guidance (Revision 6) Apple macOS 11.0 (Big Sur)
NIST, macOS Security Compliance Project
12/10/2022 SCAP 1.3 Content - Big Sur Guidance Revision 6.1
* This checklist is still undergoing review for inclusion into the NCP.