NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

Checklist Type:

Authority:

Target:

Order By:

Content Type:

Tool Compatibility:

Keyword:

There are 829 matching records. Displaying matches 41 through 60.

Name (Version)	Target	Authority	Last Modified	Resources
Tanium 7.0 STIG (Ver 2, Rel 1)	Tanium 7.0	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Sunset - Tanium 7.0 STIG - Ver 2, Rel 1
Microsoft Office 365 ProPlus STIG (Ver 3, Rel 3)	Microsoft Office 365 ProPlus	Defense Information Systems Agency	04/09/2025	SCAP 1.3 Content - Microsoft Office 365 ProPlus STIG SCAP Benchmark - Ver 3, Rel 4 Automated Content - SCC 5.10.2 Windows GPOs - Group Policy Objects (GPOs) - January 2025 Standalone XCCDF 1.1.4 - Rev. 4 Sunset - Microsoft Office 365 ProPlus STIG - Ver 2, Rel 12 Standalone XCCDF 1.1.4 - Microsoft Office 365 ProPlus STIG - Ver 3, Rel 3
Oracle Linux 8 STIG (Ver 2, Rel 4)	Oracle Linux 8.0	Defense Information Systems Agency	04/09/2025	SCAP 1.3 Content - Oracle Linux 8 STIG SCAP Benchmark - Ver 2, Rel 4 SCAP 1.2 Content - Sunset - Oracle Linux 8 STIG Benchmark - Ver 1, Rel 8 Automated Content - SCC 5.10.2 RHEL 7/Oracle Linux 7/SLES12/SLES 15 x86 64 Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 Aarch64 Automated Content - SCC 5.10.2 RHEL 8/Oracle Linux 8 x86 64 Automated Content - SCC 5.10.2 RHEL 9/Oracle Linux 9 x86 64 Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG - Ver 2, Rel 4 Standalone XCCDF 1.1.4 - Oracle Linux 8 STIG for Ansible - Ver 2, Rel 4
Infoblox 8.x Domain Name System (DNS) STIG (Version 1, Release 2)	Infoblox 8.x Domain Name System (DNS)	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Infoblox 8.x DNS STIG - Ver 1, Rel 2
Oracle 12c Database STIG (Ver 3, Rel 4)	Oracle Database 12c	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Oracle Database 12c STIG - Ver 3, Rel 4
Kubernetes STIG (Ver 2, Rel 3)	Kubernetes	Defense Information Systems Agency	04/09/2025	SCAP 1.3 Content - Kubernetes STIG SCAP Benchmark - Ver 2, Rel 3 SCAP 1.2 Content - Sunset - Kubernetes STIG Benchmark - Ver 1, Rel 3 Standalone XCCDF 1.1.4 - Kubernetes STIG - Ver 2, Rel 3
z/OS RACF STIG (Y25M04)	IBM z/OS	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - IBM z/OS STIG Standalone XCCDF 1.1.4 - z/OS RACF Products Standalone XCCDF 1.1.4 - z/OS SRR Scripts
z/OS ACF2 STIG (Y25M04)	IBM z/OS	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - IBM z/OS STIG Standalone XCCDF 1.1.4 - z/OS ACF2 Products
VMware vSphere 8.0 STIG (Y25M04)	VMware vSphere 8.0	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - VMware vSphere 8.0 STIG
Tanium 7.x on TanOS STIG (Y25M04)	Tanium 7.x	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Tanium 7.x TanOS STIG
VMware vSphere 7.0 STIG (Y25M04)	VMware vSphere 7.0	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - VMware vSphere 7.0 STIG
Palo Alto Networks Network Device Management (NDM) STIG (Y25M04)	Palo Alto Networks Network Device Management (NDM)	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Palo Alto Networks STIG
Microsoft SQL Server 2016 (Y25M04)	Microsoft SQL Server 2016	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Microsoft SQL Server 2016 STIG
IBM WebSphere Liberty Server STIG (Ver 2, Rel 2)	IBM WebSphere Liberty Server	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - IBM WebSphere Liberty Server STIG - Ver 2, Rel 2
z/OS TSS STIG (Y25M04)	IBM z/OS	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - IBM z/OS STIG Standalone XCCDF 1.1.4 - z/OS TSS Products STIG Standalone XCCDF 1.1.4 - z/OS SRR Scripts
Apache Server 2.4 Windows STIG (Y25M04)	Apache HTTP Server 2.4.0	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Apache Server 2.4 Windows STIG
Juniper EX Series Switches STIG (Y25M04)	Juniper EX2300 Juniper EX3400 Juniper EX4100 Juniper EX4300 Juniper EX4600 Juniper EX4650 Juniper EX9200 Juniper EX9250	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Juniper EX Series Switches STIG
CloudLinux AlmaLinux OS 9 STIG (Ver 1, Rel 2)	AlmaLinux OS 9	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - CloudLinux AlmaLinux OS 9 STIG - Ver 1, Rel 2
Canonical Ubuntu 20.04 LTS STIG (Ver 2, Rel 3)	Canonical Ubuntu 20.04 LTS	Defense Information Systems Agency	04/09/2025	SCAP 1.3 Content - Canonical Ubuntu 20.04 LTS STIG SCAP Benchmark - Ver 2, Rel 3 SCAP 1.2 Content - Sunset - Canonical Ubuntu 20.04 LTS STIG Benchmark - Ver 1, Rel 9 Automated Content - SCC 5.10.2 Ubuntu 18/20 AMD64 Automated Content - SCC 5.10.2 Ubuntu 20/Raspios-bulleye Aarch64 Automated Content - SCC 5.10.2 Ubuntu 22 AMD64 Standalone XCCDF 1.1.4 - Canonical Ubuntu 20.04 LTS STIG for Ansible - Ver 1, Rel 11 Standalone XCCDF 1.1.4 - Canonical Ubuntu 20.04 LTS STIG - Ver 2, Rel 2
Apache Tomcat Application Server 9 STIG (Ver 3, Rel 2)	Apache Tomcat 9.0	Defense Information Systems Agency	04/09/2025	Standalone XCCDF 1.1.4 - Apache Tomcat Application Server 9 STIG - Ver 3, Rel 2

* This checklist is still undergoing review for inclusion into the NCP.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Checklist Program

National Checklist Program

Checklist Repository