U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 878 matching records. Displaying matches 141 through 160.

Name (Version) Target Authority Last Modified Resources
NIST National Checklist for Verizon Intelligent API powered by Mission IT (1.0) Verizon Intelligent API
 Mission IT
 07/22/2024 Machine-Readable Format - OpenControl content for Verizon Intelligent API
NIST SP 800-179 (1.0) Apple OS X 10.10
 NIST, Computer Security Division
 07/25/2023 Machine-Readable Format - GitHub repository for Apple OS X 10.10 Baselines
Prose - Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)
SharePoint and OneDrive - SCuBA (1.6.0) Microsoft OneDrive
Microsoft SharePoint Online
 Cybersecurity and Infrastructure Security Agency (CISA)
 08/13/2025 Machine-Readable Format - Microsoft SharePoint & OneDrive GitHub
Prose - Microsoft SharePoint & OneDrive
Vanguard DB2 z/OS RACF Checklist (6.1) IBM RACF
IBM Z/OS Version 1, Release 9
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM z/OS Version 2, Release 1
IBM z/OS Version 2.1
 Vanguard Integrity Professionals, Inc.
 09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
VMware vSphere 6.5 STIG (Y23M07) VMware vSphere 6.5
 Defense Information Systems Agency
 07/25/2023 Machine-Readable Format - VMware vSphere 6.5 STIG for Ansible - Ver 1, Rel 2
Standalone XCCDF 1.1.4 - Sunset - VMware vSphere 6.5 STIG
CIS CISCO Firewall Benchmark (4.1.0) Cisco ASA 8
Cisco ASA 9
 Center for Internet Security (CIS)
 02/20/2024 Security Template - CIS CISCO Firewall Benchmark
FedRAMP Low for Red Hat Ansible Tower 3.2.x (v1) Red Hat Ansible Tower 3.2.0
Red Hat Ansible Tower 3.2.1
Red Hat Ansible Tower 3.2.2
Red Hat Ansible Tower 3.2.3
Red Hat Ansible Tower 3.2.4
Red Hat Ansible Tower 3.2.5
Red Hat Ansible Tower 3.2.6
 Red Hat
 08/27/2024 Security Template - NIST 800-53 Control Applicability Guide for Red Hat Ansible Tower 3.2.x
Security Template - FedRAMP Template for Red Hat Ansible Tower 3.x
Prose - Section 508 Voluntary Product Accessibility Template (VPAT) and Web Content Accessibility Guidelines (WCAG) 2.0 for Ansible Tower
FedRAMP Moderate for Red Hat OpenStack Platform 13 (v1) Red Hat OpenStack Platform 13.0
 Red Hat
 08/27/2024 Security Template - NIST 800-53 Control Applicability Guide for Red Hat OpenStack Platform 13
Security Template - FedRAMP Moderate Template SSP for Red Hat OpenStack Platform 13
NIST SP 800-43 (Update R1.2.3) Microsoft Windows 2000
 NIST, Computer Security Division
 09/12/2014 Security Template - The security template for the checklist entitled NIST 800-43.
Standalone XCCDF 1.1.4 - The XCCDF representation of the checklist entitled NIST SP 800-43.
Prose - The landing page for the NIST SP 800-43 checklist.
OpenShift 3.x on Azure for Government (FedRAMP Moderate) (v1) Red Hat OpenShift Container Platform 3.10
Red Hat OpenShift Container Platform 3.11
Red Hat OpenShift Container Platform 3.5
Red Hat OpenShift Container Platform 3.6
Red Hat OpenShift Container Platform 3.7
Red Hat OpenShift Container Platform 3.8
Red Hat OpenShift Container Platform 3.9
 Red Hat
 09/06/2024 Security Template - Ansible Playbooks supporting the creation of either a multi-node full HA production cluster or a single node designed for exploration of OpenShift on Azure.
Prose - Deploying Red Hat OpenShift Container Platform 3 on Microsoft Azure
A10 Networks Application Delivery Controller (ADC) (Y24M07) A10 Networks Application Delivery Controller
 Defense Information Systems Agency
 08/08/2024 Standalone XCCDF 1.1.4 - Sunset - A10 Networks ADC STIG
Access 2007 STIG (Version 4, Release 15) Microsoft Access 2007
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Microsoft Access 2007 STIG - Ver 4, Rel 15
Access 2010 STIG (Version 1, Release 11) Microsoft Access 2010
 Defense Information Systems Agency
 08/08/2024 Standalone XCCDF 1.1.4 - Sunset - Microsoft Access 2010 STIG - Ver 1, Rel 11
Active Directory Domain STIG (Ver 3, Rel 6) Microsoft Active Directory
 Defense Information Systems Agency
 01/22/2026 Standalone XCCDF 1.1.4 - Active Directory Domain STIG - Ver 3, Rel 6
Active Directory Forest STIG (Ver 3, Rel 2) Microsoft Active Directory
 Defense Information Systems Agency
 09/02/2025 Standalone XCCDF 1.1.4 - Active Directory Forest STIG - Ver 3, Rel 2
Adobe Acrobat Pro XI STIG (Version 1, Release 2) Adobe Acrobat Pro XI
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Adobe Acrobat Pro XI STIG Ver 1, Rel 2
Adobe ColdFusion (Version 2, Release 1) Adobe ColdFusion
 Defense Information Systems Agency
 07/28/2021 Standalone XCCDF 1.1.4 - Sunset - Adobe ColdFusion 11 STIG - Ver 2, Rel 1
Adobe ColdFusion STIG (Ver 1, Rel 1) Adobe ColdFusion
 Defense Information Systems Agency
 02/03/2026 Standalone XCCDF 1.1.4 - Adobe ColdFusion STIG - Ver 1, Rel 1
AirWatch MDM Software 6.5 STIG (Version 1, Release 3) AirWatch Mobile Device Management (MDM) Software 6.5
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - AirWatch MDM STIG - Ver 1, Rel 3
Akamai KSD Service IL2 STIG (Version 1) Akamai Kona Site Defender Service Impact Level 2
 Defense Information Systems Agency
 12/17/2025 Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 ALG STIG Version 1
Standalone XCCDF 1.1.4 - Akamai KSD Service IL2 NDM STIG Version 1
* This checklist is still undergoing review for inclusion into the NCP.