U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 829 matching records. Displaying matches 121 through 140.

Name (Version) Target Authority Last Modified Resources
Windows Firewall STIG (Version 1, Release 2) Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Vista Firewall
 Defense Information Systems Agency
 12/12/2019 GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Windows Firewall STIG Version 1, Release 2
Word 2013 STIG (Version 1, Release 7) Microsoft Word 2013
 Defense Information Systems Agency
 04/14/2025 GPOs - Group Policy Objects (GPOs) - January 2025
Android 2.2 (Dell) (Version 1, Release 2) Google Android 2.2
 Defense Information Systems Agency
 09/11/2019 Machine-Readable Format - Sunset - Android 2.2 (DELL) STIG - Ver 1, Rel 2
Docker Enterprise 2.x Linux/UNIX STIG (Ver 2 Rel 2) Docker Enterprise 2.0.0
 Defense Information Systems Agency
 08/20/2024 Machine-Readable Format - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Docker Enterprise 2.x Linux/Unix - Ver 2, Rel 1
Standalone XCCDF 1.1.4 - Sunset - Docker Enterprise 2.x Linux/Unix STIG - Ver 2, Rel 2
Entra ID - SCuBA (1.5) Microsoft Azure Active Directory
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft Entra ID - GitHub
Prose - Microsoft Entra ID - SCuBA
FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
 Red Hat
 12/04/2017 Machine-Readable Format - SCAP Datastream
Google Chrome v23 Windows STIG (Version 1, Release 2) Google Chrome 23.0.1271.0
 Defense Information Systems Agency
 04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
Google Chrome v24 Windows STIG (Version 1, Release 1) Google Chrome 24.0.1272.0
 Defense Information Systems Agency
 04/15/2019 Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v24 Windows STIG Version 1, Release 1
Microsoft Exchange Online - SCuBA (1.5.0) Microsoft Exchange Online
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft Exchange Online - GitHub Markdown
Prose - Microsoft Exchange Online
Microsoft Power BI - SCuBA (1.5.0) Microsoft Power Apps
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft Power BI GitHub Mark down
Prose - Microsoft Power BI
Microsoft Power Platform - SCuBA (1.5.0) Microsoft Power Apps
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft Power Platform - GitHub
Prose - Microsoft Power Platform
Microsoft Teams - SCuBA (1.5.0) Microsoft Teams
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft Teams GitHub
Prose - Microsoft Teams
NIST National Checklist for HyperSphere Technologies (0.1) Hypersphere Technologies Vault 1.0
 Mission IT
 08/30/2024 Machine-Readable Format - OpenControl content for HyperSphere Technologies
NIST National Checklist for Verizon Intelligent API powered by Mission IT (1.0) Verizon Intelligent API
 Mission IT
 07/22/2024 Machine-Readable Format - OpenControl content for Verizon Intelligent API
NIST SP 800-179 (1.0) Apple OS X 10.10
 NIST, Computer Security Division
 07/25/2023 Machine-Readable Format - GitHub repository for Apple OS X 10.10 Baselines
Prose - Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
SharePoint and OneDrive - SCuBA (1.5.0) Microsoft OneDrive
Microsoft SharePoint Online
 Cybersecurity and Infrastructure Security Agency (CISA)
 03/27/2025 Machine-Readable Format - Microsoft SharePoint & OneDrive GitHub
Prose - Microsoft SharePoint & OneDrive
Vanguard DB2 z/OS RACF Checklist (6.1) IBM DB2 8.1
IBM OS390
IBM RACF
IBM Z/OS Version 1, Release 9
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM z/OS Version 2, Release 1
IBM z/OS Version 2.1
 Vanguard Integrity Professionals, Inc.
 09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
VMware vSphere 6.5 STIG (Y23M07) VMware vSphere 6.5
 Defense Information Systems Agency
 07/25/2023 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware vSphere 6.5 STIG
CIS CISCO Firewall Benchmark (4.1.0) Cisco ASA 8
Cisco ASA 9
 Center for Internet Security (CIS)
 02/20/2024 Security Template - CIS CISCO Firewall Benchmark
FedRAMP Low for Red Hat Ansible Tower 3.2.x (v1) Red Hat Ansible Tower 3.2.0
Red Hat Ansible Tower 3.2.1
Red Hat Ansible Tower 3.2.2
Red Hat Ansible Tower 3.2.3
Red Hat Ansible Tower 3.2.4
Red Hat Ansible Tower 3.2.5
Red Hat Ansible Tower 3.2.6
 Red Hat
 08/27/2024 Security Template - NIST 800-53 Control Applicability Guide for Red Hat Ansible Tower 3.2.x
Security Template - FedRAMP Template for Red Hat Ansible Tower 3.x
Prose - Section 508 Voluntary Product Accessibility Template (VPAT) and Web Content Accessibility Guidelines (WCAG) 2.0 for Ansible Tower
* This checklist is still undergoing review for inclusion into the NCP.