Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
security checklists (or benchmarks) that provide detailed low level
guidance on setting the security configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 878
matching records. Displaying matches 121 through 140.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| Excel 2013 STIG (Version 1, Release 8) |
Microsoft Excel 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Infopath 2013 STIG (Version 1, Release 6) |
Microsoft Infopath 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Lync 2013 STIG (Version 1, Release 5) |
Microsoft Lync 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Microsoft Access 2013 STIG (Version 1, Release 7) |
Access 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Microsoft Office System 2013 STIG (Version 2, Release 2) |
Office System 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Microsoft Outlook 2013 STIG (Version 1, Release 14) |
Microsoft Outlook 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Visio 2013 STIG (Version 1, Release 5) |
Microsoft Visio 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Windows Firewall STIG (Version 1, Release 2) |
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Vista Firewall
|
Defense Information Systems Agency
|
12/12/2019 |
GPOs - Group Policy Objects (GPOs) - January 2019
Standalone XCCDF 1.1.4 - Windows Firewall STIG Version 1, Release 2
|
| Word 2013 STIG (Version 1, Release 7) |
Microsoft Word 2013
|
Defense Information Systems Agency
|
04/30/2025 |
GPOs - Group Policy Objects (GPOs) - January 2025
|
| Android 2.2 (Dell) (Version 1, Release 2) |
Google Android 2.2
|
Defense Information Systems Agency
|
09/11/2019 |
Machine-Readable Format - Sunset - Android 2.2 (DELL) STIG - Ver 1, Rel 2
|
| Docker Enterprise 2.x Linux/UNIX STIG (Ver 2 Rel 2) |
Docker Enterprise 2.0.0
|
Defense Information Systems Agency
|
08/20/2024 |
Machine-Readable Format - Docker Enterprise 2.x Linux/Unix STIG for Ansible - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Docker Enterprise 2.x Linux/Unix - Ver 2, Rel 1
Standalone XCCDF 1.1.4 - Sunset - Docker Enterprise 2.x Linux/Unix STIG - Ver 2, Rel 2
|
| Entra ID - SCuBA (1.6) |
Microsoft Azure Active Directory
|
Cybersecurity and Infrastructure Security Agency (CISA)
|
08/13/2025 |
Machine-Readable Format - Microsoft Entra ID - GitHub
Prose - Microsoft Entra ID - SCuBA
|
| FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) |
Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
|
Red Hat
|
12/04/2017 |
Machine-Readable Format - SCAP Datastream
|
| Google Chrome v23 Windows STIG (Version 1, Release 2) |
Google Chrome 23.0.1271.0
|
Defense Information Systems Agency
|
04/15/2019 |
Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v23 Windows STIG Version 1, Release 2
|
| Google Chrome v24 Windows STIG (Version 1, Release 1) |
Google Chrome 24.0.1272.0
|
Defense Information Systems Agency
|
04/15/2019 |
Machine-Readable Format - Google Chrome v23 Windows Benchmark - Version 1, Release 2
Standalone XCCDF 1.1.4 - Google Chrome v24 Windows STIG Version 1, Release 1
|
| Microsoft Exchange Online - SCuBA (1.6.0) |
Microsoft Exchange Online
|
Cybersecurity and Infrastructure Security Agency (CISA)
|
08/13/2025 |
Machine-Readable Format - Microsoft Exchange Online - GitHub Markdown
Prose - BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services
Prose - Microsoft Exchange Online
|
| Microsoft Power BI - SCuBA (1.6.0) |
Microsoft Power Apps
|
Cybersecurity and Infrastructure Security Agency (CISA)
|
08/13/2025 |
Machine-Readable Format - Microsoft Power BI GitHub Mark down
Prose - Microsoft Power BI
|
| Microsoft Power Platform - SCuBA (1.6.0) |
Microsoft Power Apps
|
Cybersecurity and Infrastructure Security Agency (CISA)
|
08/13/2025 |
Machine-Readable Format - Microsoft Power Platform - GitHub
Prose - BOD 25-01: Implementation Guidance for Implementing Secure Practices for Cloud Services
Prose - Microsoft Power Platform
|
| Microsoft Teams - SCuBA (1.6.0) |
Microsoft Teams
|
Cybersecurity and Infrastructure Security Agency (CISA)
|
08/13/2025 |
Machine-Readable Format - Microsoft Teams GitHub
Prose - Microsoft Teams
|
| NIST National Checklist for HyperSphere Technologies (0.1) |
Hypersphere Technologies Vault 1.0
|
Mission IT
|
08/30/2024 |
Machine-Readable Format - OpenControl content for HyperSphere Technologies
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
