NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

Checklist Type:

Authority:

Target:

Order By:

Content Type:

Tool Compatibility:

Keyword:

There are 825 matching records. Displaying matches 81 through 100.

Name (Version)	Target	Authority	Last Modified	Resources
Apple macOS (Sonoma) 14 STIG (Ver 2, Rel 3)	Apple macOS 14.0	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Apple macOS 14 (Sonoma) STIG - Ver 2, Rel 3
Rancher Government Solutions RKE2 STIG (Ver 2, Rel 3)	Rancher RKE2	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Rancher Government Solutions RKE2 STIG - Ver 2, Rel 3
IBM Aspera Platform 4.2 STIG (Ver 1, Rel 3)	IBM Aspera Platform	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Sunset - IBM Aspera Platform 4.2 STIG - Ver 1, Rel 3
F5 BIG-IP 11.x STIG (Y24M09)	F5 BIG-IP Access Policy Manager (APM) 11.x STIG	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - F5 BIG-IP TMOS STIG
Palo Alto Networks Prisma Cloud Compute STIG (Ver 2, Rel 2)	Palo Alto Networks Prisma Cloud Compute	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Palo Alto Networks Prisma Cloud Compute STIG - Ver 2, Rel 2
Suse Linux Enterprise Server (SLES) 15 STIG (Version 2, Release 3)	SUSE Enterprise Linux 15	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - SUSE Linux Enterprise Server 15 STIG Benchmark - Ver 2, Rel 3 SCAP 1.2 Content - Sunset - SUSE Linux Enterprise Server 15 STIG Benchmark - Ver 1, Rel 6 Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 15 STIG - Ver 2, Rel 3
Sharepoint 2013 (Version 2, Release 4)	Microsoft Sharepoint Server 2013	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Microsoft SharePoint 2013 STIG - Ver 2, Rel 4
Apple macOS 13 STIG (Ver 1, Rel 5)	Apple macOS 13.0 (Ventura)	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Sunset - Apple macOS 13 (Ventura) STIG - Ver 1, Rel 5
Canonical Ubuntu 20.04 LTS STIG (Ver 2, Rel 2)	Canonical Ubuntu 22.04 LTS	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - Canonical Ubuntu 20.04 LTS STIG Benchmark - Ver 2, Rel 2 SCAP 1.2 Content - Sunset - Canonical Ubuntu 20.04 LTS STIG Benchmark - Ver 1, Rel 9 Automated Content - SCC 5.10.1 Raspbian 11 ARMv7 Automated Content - SCC 5.10.1 Ubuntu 18/20 AMD64 Automated Content - SCC 5.10.1 Ubuntu 20/Raspios-bulleye Aarch64 Automated Content - SCC 5.10.1 Ubuntu 22 AMD64 Standalone XCCDF 1.1.4 - Canonical Ubuntu 20.04 LTS STIG for Ansible - Ver 1, Rel 11 Standalone XCCDF 1.1.4 - Canonical Ubuntu 20.04 LTS STIG - Ver 2, Rel 1
SUSE Linux Enterprise Server (SLES) 12 STIG (Ver 3, Rel 2)	SUSE Linux Enterprise Server 12.0	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - SUSE Linux Enterprise Server 12 STIG Benchmark - Ver 3, Rel 2 Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 12 STIG - Ver 3, Rel 2
MariaDB Enterprise 10.x STIG (Ver 2, Rel 3)	MariaDB Enterprise Server 10.x	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - MariaDB Enterprise 10.x STIG - Ver 2, Rel 3
McAfee Application Control STIG (Ver 1, Rel 4)	McAfee Application Control 7.0.0	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Sunset - McAfee Application Control 7.x STIG - Ver 1, Rel 4
IBM zSecure Suite STIG (Version 1, Release 2)	IBM zSecure Suite	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - IBM zSecure Suite STIG - Ver 1, Rel 2
Cisco IOS Switch STIG (Y25M01)	Cisco IOS Cisco IOS XE Cisco NX-OS	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Cisco IOS XE Switch STIG Standalone XCCDF 1.1.4 - Cisco IOS Switch STIG Standalone XCCDF 1.1.4 - Cisco NX OS Switch STIG
Oracle WebLogic Server 12c STIG (Ver 2, Rel 2)	Oracle Weblogic Server	Defense Information Systems Agency	01/30/2025	Standalone XCCDF 1.1.4 - Sunset - Oracle WebLogic Server 12c STIG - Ver 2, Rel 2
Red Hat Enterprise Linux 9 (Ver 2, Rel 3)	Red Hat Enterprise Linux 9.0	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - Red Hat Enterprise Linux 9 STIG Benchmark - Ver 2, Rel 3 Automated Content - SCC 5.10.1 RHEL 9 x86 64 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG for Chef- Ver 1, Rel 2 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG - Ver 2, Rel 3 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 9 STIG for Ansible- Ver 2, Rel 3
Red Hat 8 STIG (Ver 2, Rel 2)	Red Hat Enterprise Linux 8.0	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - Red Hat Enterprise Linux 8 STIG Benchmark - Ver 2, Rel 2 SCAP 1.2 Content - Sunset - Red Hat Enterprise Linux 8 STIG Benchmark - Ver 1, Rel 12 Automated Content - SCC 5.10.1 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64 Automated Content - SCC 5.10.1 RHEL 8/Oracle Linux 8 Aarch64 Automated Content - SCC 5.10.1 RHEL 8/Oracle Linux 8 x86 64 Automated Content - SCC 5.10.1 RHEL 9 x86 64 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG for Chef - Ver 1, Rel 13 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG - Ver 2, Rel 2 Standalone XCCDF 1.1.4 - Red Hat Enterprise Linux 8 STIG for Ansible - Ver 2, Rel 2
Oracle Linux 8 STIG (Ver 2, Rel 3)	Oracle Linux 8.0	Defense Information Systems Agency	01/30/2025	SCAP 1.3 Content - Oracle Linux 8 STIG Benchmark - Ver 2, Rel 3 SCAP 1.2 Content - Sunset - Oracle Linux 8 STIG Benchmark - Ver 1, Rel 8 Automated Content - SCC 5.10.1 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64 Automated Content - SCC 5.10.1 RHEL 8/Oracle Linux 8 Aarch64 Automated Content - SCC 5.10.1 RHEL 8/Oracle Linux 8 x86 64 Automated Content - SCC 5.10.1 RHEL 9 x86 64 Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG - Ver 2, Rel 3 Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG for Ansible - Ver 2, Rel 3
VMware vSphere 8.0 STIG (Y25M01)	VMware vSphere 8.0	Defense Information Systems Agency	01/29/2025	Standalone XCCDF 1.1.4 - VMware vSphere 8.0 STIG
VMware NSX STIG (Version 1)	VMware NSX	Defense Information Systems Agency	01/29/2025	Standalone XCCDF 1.1.4 - VMware NSX 4.x STIG Standalone XCCDF 1.1.4 - VMware NSX Distributed Logical Router STIG, Ver 1 Standalone XCCDF 1.1.4 - VMware NSX Manager STIG, Ver 1

* This checklist is still undergoing review for inclusion into the NCP.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Checklist Program

National Checklist Program

Checklist Repository