U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 878 matching records. Displaying matches 161 through 180.

Name (Version) Target Authority Last Modified Resources
Amazon Linux 2023 (Ver 1, Rel 2) Amazon Linux
 Defense Information Systems Agency
 02/17/2026 Standalone XCCDF 1.1.4 - Amazon Linux 2023 STIG - Ver 1, Rel 2
Anduril NixOS STIG (Ver 1, Rel 2) Anduril NixOS
 Defense Information Systems Agency
 12/05/2025 Standalone XCCDF 1.1.4 - Anduril NixOS STIG - Ver 1, Rel 2
Apache 2.0 STIG - UNIX (Version 1, Release 5) Apache HTTP Server 2.0
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 UNIX STIG - Ver 1, Rel 5
Apache 2.0 STIG - Windows (Version 1, Release 5) Apache HTTP Server 2.0
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apache 2.0 Windows STIG - Ver 1, Rel 5
Apache 2.2 STIG - UNIX (Version 1, Release 11) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/02/2025 Standalone XCCDF 1.1.4 - Sunset - Apache 2.2 STIG UNIX - Ver 1, Rel 11
Apache 2.2 STIG - Windows (Version 1, Release 13) Apache HTTP Server 2.2
 Defense Information Systems Agency
 06/02/2025 Standalone XCCDF 1.1.4 - Sunset - Apache 2.2 STIG Windows - Ver 1, Rel 13
Apache Server 2.4 UNIX STIG (Y25M04) Apache HTTP Server 2.4.0
 Defense Information Systems Agency
 04/09/2025 Standalone XCCDF 1.1.4 - Apache Server 2.4 Unix STIG
Apache Server 2.4 Windows STIG (Y25M04) Apache HTTP Server 2.4.0
 Defense Information Systems Agency
 04/09/2025 Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
Apache Tomcat Application Server 9 STIG (Ver 3, Rel 3) Apache Tomcat 9.0
 Defense Information Systems Agency
 01/21/2026 Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 3, Rel 3
Apple iOS 10 STIG (Version 1, Release 3) Apple iOS 10
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apple iOS 10 STIG - Ver 1, Rel 3
Apple iOS 11 STIG (Ver 1, Rel 4) Apple iOS 11
 Defense Information Systems Agency
 09/11/2019 Standalone XCCDF 1.1.4 - Sunset - Apple iOS 11 STIG - Ver 1, Rel 4
Apple iOS 12 STIG (Ver 2, Rel 1) Apple iOS 12
 Defense Information Systems Agency
 10/28/2022 Standalone XCCDF 1.1.4 - Sunset - Apple iOS 12 STIG - Ver 2, Rel 1
Apple iOS 6 STIG (Version 1, Release 2) Apple iPad Mini
Apple iPad2
Apple iPhone 4s
Apple iPhone 5
Apple iPhone OS 6.0
Apple iPhone OS 6.0.1
Apple iPhone OS 6.0.2
Apple iPhone OS 6.1
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - Apple iOS 6 STIG, Version 1, Release 2
Apple iOS 7 STIG (Version 1 Release 2) Apple iPhone OS 7.0
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - Apple iOS 7 STIG Version 1 Release 2
APPLE iOS 8 INTERIM SECURITY CONFIGURATION GUIDE (ISCG) (Version 1, Release 1) Apple iPhone OS 8.0
 Defense Information Systems Agency
 04/15/2019 Standalone XCCDF 1.1.4 - APPLE iOS 8 INTERIM SECURITY CONFIGURATION GUIDE (ISCG)
Apple iOS/iPadOS 16 BYOAD STIG (Ver 1, Rel 1) Apple iOS/iPadOS 16
 Defense Information Systems Agency
 08/20/2025 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 16 BYOAD STIG - Ver 1, Rel 1
Apple iOS/iPadOS 16 STIG (Ver 2, Rel 1) Apple iOS/iPadOS 16
 Defense Information Systems Agency
 08/29/2025 Standalone XCCDF 1.1.4 - Sunset - Apple iOS/iPadOS 16 STIG - Ver 2, Rel 2
Apple iOS/iPadOS 17 STIG (Ver 2, Rel 1) Apple iOS 17.0
 Defense Information Systems Agency
 08/20/2025 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 17 STIG - Ver 2, Rel 1
Apple iOS/iPadOS 18 STIG (Ver 2, Rel 2) Apple iPadOS 18.0
Apple iPhone OS 18.0
 Defense Information Systems Agency
 01/22/2026 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 18 - Ver 2, Rel 2
Apple iOS/iPadOS 26 STIG (Ver 1, Rel 2) Apple iOS 26
Apple iPadOS 26.0.0
 Defense Information Systems Agency
 02/17/2026 Standalone XCCDF 1.1.4 - Apple iOS/iPadOS 26 STIG - Ver 1, Rel 2
* This checklist is still undergoing review for inclusion into the NCP.