) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Checklist Repository
The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Security
Content Automation Protocol (SCAP). SCAP enables validated
security products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword search will search across the name, and summary.
There are 829 matching records. Displaying matches 811 through 829.
| Name (Version) | Target | Authority | Last Modified | Resources |
|---|---|---|---|---|
| Guide to Sun Microsystems Java Plug-in Security (v1.0) | Sun Java Plug-in 1.4.2 |
National Security Agency |
10/24/2018 | Prose - Guide to Sun Microsystems Java Plug-in Security |
| HP LaserJet 4345 MFP Security Checklist (Version 1) | HP LaserJet 4345 MFP |
HP |
07/23/2009 | Prose - HP LaserJet 4345 MFP Security Checklist |
| Instant Messaging Checklist (Version 1, Release 2.5) | Ezenia InfoWorkSpace 2.5.1.3 IBM Lotus SameTime 8.5.1 Ipswitch Instant Messaging 2.02 Jabber XCP 5.0 Liquid Communication Systems, LLC Effusia Business Messenger 4.3 Liquid Communication Systems, LLC Effusia Business Messenger Server 4.0 Microsoft Live Communications Server 2005 Microsoft Office Communications Server Sigaba Secure Instant Messaging 1.2 WiredRed e/Pop Instant Messaging 4.5 |
Defense Information Systems Agency |
04/15/2019 | Prose - Instant Messaging Checklist |
| KM-8030 MFP Security Checklist (Version 1) | Kyocera KM-8030 MFP |
Kyocera Mita America INC |
09/20/2017 | Prose - KM-8030 MFP Security Checklist |
| Kyocera KM-6030 Security Checklist (1.1) | Kyocera KM-6030 |
Kyocera Mita America INC |
09/20/2017 | Prose - Kyocera KM-6030 Security Checklist |
| Microsoft Defender for Office 365 - SCuBA (1.5.0) | Microsoft Windows Defender |
Cybersecurity and Infrastructure Security Agency (CISA) |
03/27/2025 | Prose - CISA GitHub for ScubaGear - MSFT Defender Prose - Microsoft Defender for Office 365 |
| Microsoft Office 2007 Overview (Version 4, Release 14) | Microsoft Access 2007 Microsoft Excel 2007 Microsoft Infopath 2007 Microsoft Office 2007 Microsoft Outlook 2007 Microsoft PowerPoint 2007 Microsoft Visio 2007 Microsoft Word 2007 |
Defense Information Systems Agency |
09/11/2019 | Prose - Sunset - Microsoft Office 2007 Overview - Ver 4, Rel 14 |
| Microsoft Windows 10 1511 (1.0) | Microsoft Windows 10 1511 32-bit Microsoft Windows 10 1511 64-bit |
Microsoft Corporation |
09/19/2022 | Prose - Microsoft Windows 10 1511 |
| Microsoft Windows 2000 IPsec Guide (v1.0) | Microsoft Windows 2000 |
National Security Agency |
10/24/2018 | Prose - Microsoft Windows 2000 IPsec Guide |
| Microsoft Windows 2000 Router Configuration Guide (v1.02) | Microsoft Windows Server 2000 |
National Security Agency |
10/24/2018 | Prose - Microsoft Windows 2000 Router Configuration Guide |
| NIST SP 800-68 (R1.2.0) | Microsoft Windows XP |
NIST National Vulnerability Database |
06/01/2017 | Prose - NIST Prose Guidance for Windows XP. Prose - This FDCC resource has been deprecated by USGCB content. |
| OpenVMS Security Checklist (Version 2 Release 2.3) | HP OpenVMS Alpha 6.1 HP OpenVMS Alpha 6.2 HP OpenVMS Alpha 7.0 HP OpenVMS Alpha 7.1 HP OpenVMS Alpha 7.2 HP OpenVMS Alpha 7.3 HP OpenVMS VAX 5.3 HP OpenVMS VAX 5.4 HP OpenVMS VAX 5.5 HP OpenVMS VAX 6.0 HP OpenVMS VAX 6.1 HP OpenVMS VAX 6.2 HP OpenVMS VAX 7.0 HP OpenVMS VAX 7.1 HP OpenVMS VAX 7.2 HP OpenVMS VAX 7.3 |
Defense Information Systems Agency |
04/15/2019 | Prose - OpenVMS SECURITY CHECKLIST |
| Oracle 9 STIG (Version 8 Release 1.8) | Oracle Database 9i Oracle Database Server 9.2 |
Defense Information Systems Agency |
09/11/2019 | Prose - Sunset - Oracle 9 Database STIG - Ver 8, Rel 1.8 |
| Router Security Configuration Guide (v1.1c) | Cisco IOS 11.3 Cisco IOS 12.0 Cisco IOS 12.1 Cisco IOS 12.2 Cisco IOS 12.3 |
National Security Agency |
10/24/2018 | Prose - Prose guidance for Router Security Configuration Guide. |
| Router Security Configuration Guide Supplement - Security for IPv6 Routers (v1.0) | Cisco IOS 12.3 Cisco IOS 12.3t Cisco IOS 12.4 Cisco IOS 12.4t |
National Security Agency |
10/24/2018 | Prose - Router Security Configuration Guide Supplement – Security for IPv6 Routers |
| SQL Server 2000 Database Security Checklist (Version 8 Release 1.7) | Microsoft SQL Server 2000 |
Defense Information Systems Agency |
04/15/2019 | Prose - SQL Server 2000 Database Security Checklist - Version 8 Release 1.7 |
| SQL Server 7 Database Security Checklist (Version 8 Release 1.7) | Microsoft SQL Server 7.0 |
Defense Information Systems Agency |
04/15/2019 | Prose - SQL Server 7 Database Security Checklist - Version 8 Release 1.7 |
| Symantec Endpoint Protection 12.1 Overview (Version 1, Release 1) | Symantec Endpoint Protection 12.1 |
Defense Information Systems Agency |
09/11/2019 | Prose - Sunset - Symantec Endpoint Protection 12.1 Overview - Ver 1, Rel 1 |
| Unisys STIG Checklist (Version 7 Release 2) | Unisys 2200 6.1 Unisys 2200 8.1 |
Defense Information Systems Agency |
04/15/2019 | Prose - Unisys Checklist - Version 7, Release 2. Prose - Unisys STIG - Version 7, Release 2 |
* This checklist is still undergoing review for
inclusion into the NCP.