Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 612
matching records. Displaying matches 81 through 100.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Microsoft .NET Framework 4 (Version 2, Release 2) |
Microsoft .NET Framework 4.0
|
Defense Information Systems Agency
|
03/09/2023 |
SCAP 1.2 Content - Microsoft .NET Framework 4 STIG Benchmark - Ver 2, Rel 2
Automated Content - SCC 5.7.1 Windows
Standalone XCCDF 1.1.4 - Microsoft .Net Framework 4.0 STIG - Ver 2, Rel 2
|
| Solaris 10 (SPARC and x86) Manual STIG (Version 2, Release 4) |
Oracle Solaris 10.0
|
Defense Information Systems Agency
|
03/09/2023 |
SCAP 1.2 Content - Sunset - Solaris 10 SPARC STIG Benchmark - Ver 2, Rel 4
SCAP 1.2 Content - Sunset - Solaris 10 X86 STIG Benchmark - Ver 2, Rel 4
Automated Content - SCC 5.7.1 Solaris 10 i386
Automated Content - SCC 5.7.1 Solaris 10 SPARC
Automated Content - SCC 5.7.1 Solaris 11 i386
Automated Content - SCC 5.7.1 Solaris 11 SPARC
Standalone XCCDF 1.1.4 - Sunset - Solaris 10 SPARC STIG - Ver 2, Rel 4
Standalone XCCDF 1.1.4 - Sunset - Solaris 10 x86 STIG - Ver 2, Rel 4
|
| CIS BIND Benchmark (v2.0.0) |
ISC Bind 9.2.4
ISC Bind 9.3.1
|
Center for Internet Security (CIS)
|
02/27/2023 |
Prose - CIS BIND Benchmark v2.0.0
|
| Vanguard Compliance Manager z/OS RACF Checklist for completing a manual SRR Audit for Stig (6.54-88) |
IBM z/OS Version 2, Release 3
IBM z/OS Version 2, Release 4
IBM z/OS Version 2, Release 5
|
Vanguard Integrity Professionals, Inc.
|
02/06/2023 |
ZIP - anguard z/OS RACF Checklist 6.54/8.7 PDF version
ZIP - Vanguard z/OS RACF Checklist 6.54/8.7 XML version
|
| Samsung Android 13 with Knox 3.x STIG (Y23M01) |
Google Android 13
|
Defense Information Systems Agency
|
01/31/2023 |
Standalone XCCDF 1.1.4 - Samsung Android 13 with Knox 3.x STIG
|
| Oracle Linux 6 STIG (Version 2, Release 7) |
Oracle Linux 6
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Sunset - Oracle Linux 6 STIG - Ver 2, Rel 7
|
| Google Android 10.x STIG (Ver 2, Rel 1) |
Google Android 10.0
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Sunset - Google Android 10 STIG - Ver 2, Rel 1
|
| NetApp ONTAP DSC 9.X STIG (Ver 1, Rel 3) |
NetApp ONTAP DSC 9.x
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - NetApp ONTAP DSC 9.x STIG - Ver 1, Rel 3
|
| Oracle HTTP Server 12.1.3 STIG (Version 2, Release 2) |
Oracle HTTP Server 12.1.3 STIG, Version 1, Release 1
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Oracle HTTP Server 12.1.3 STIG - Ver 2, Rel 2
|
| Apache Server 2.4 UNIX STIG (Y23M01) |
Apache HTTP Server 2.4.0
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Apache Server 2.4 UNIX STIG
|
| Apache Server 2.4 Windows STIG (Y23M01) |
Apache HTTP Server 2.4.0
|
Defense Information Systems Agency
|
01/17/2023 |
Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
|
| Microsoft Azure SQL Database STIG (Ver 1, Rel 1) |
Microsoft Azure
|
Defense Information Systems Agency
|
01/05/2023 |
Standalone XCCDF 1.1.4 - Microsoft Azure SQL Database STIG - Ver 1, Rel 1
|
| Tanium 7.x on TanOS STIG (Ver 1, Rel 1) |
Tanium 7.x
|
Defense Information Systems Agency
|
01/05/2023 |
Standalone XCCDF 1.1.4 - Tanium 7.x on TanOS STIG - Ver 1, Rel 1
|
| Oracle MySQL 8.0 STIG (Ver 1, Rel 3) |
Oracle MySQL 8.0
|
Defense Information Systems Agency
|
12/21/2022 |
Standalone XCCDF 1.1.4 - Oracle MySQL 8.0 STIG - Ver 1, Rel 3
|
| Microsoft Android 11 STIG (Version 1, Release 1) |
Google Android 11.0
|
Defense Information Systems Agency
|
12/20/2022 |
Standalone XCCDF 1.1.4 - Microsoft Android 11 STIG
|
| Google Android 13 STIG (Ver 1, Rel 1) |
Google Android 13
|
Defense Information Systems Agency
|
12/17/2022 |
Standalone XCCDF 1.1.4 - Google Android 13 STIG - Ver 1, Rel 1
|
| HPE 3PAR StoreServ OS STIG (Ver 1, Rel 1) |
HPE 3PAR StoreServ 3.2.x
|
Defense Information Systems Agency
|
12/17/2022 |
Standalone XCCDF 1.1.4 - HPE 3PAR StoreServ OS STIG - Ver 1, Rel 1
|
| Ventura Guidance (Revision 1.1) |
Apple macOS 13.0 (Ventura)
|
NIST, macOS Security Compliance Project
|
12/10/2022 |
SCAP 1.3 Content - Ventura Guidance, Revision 1.1
|
| Monterey Guidance (Revision 3.1) |
Apple macOS 12.0 (Monterey)
|
NIST, macOS Security Compliance Project
|
12/10/2022 |
SCAP 1.3 Content - Monterey Guidance Revision 3.1
|
| Big Sur Guidance (Revision 6) |
Apple macOS 11.0 (Big Sur)
|
NIST, macOS Security Compliance Project
|
12/10/2022 |
SCAP 1.3 Content - Big Sur Guidance Revision 6.1
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
