U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 877 matching records. Displaying matches 81 through 100.

Name (Version) Target Authority Last Modified Resources
Microsoft Access 2016 STIG (Version 2, Release 1) Microsoft Access 2016
 Defense Information Systems Agency
 01/30/2026 Standalone XCCDF 1.1.4 - Sunset-Microsoft Access 2016 STIG - Ver 2, Rel 1
Red Hat Ansible Automation Controller STIG (Y26M01) Red Hat Ansible Automation Controller
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Red Hat Ansible Automation Controller STIG
z/OS TSS STIG (Y26M01) IBM z/OS
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - IBM z/OS STIG
Standalone XCCDF 1.1.4 - z/OS TSS Products
Standalone XCCDF 1.1.4 - z/OS SRR Scripts
Microsoft Visio 2016 STIG (Version 2, Release 1) Microsoft Visio 2016
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Sunset-Microsoft Visio 2016 STIG - Ver 2, Rel 1
NetApp ONTAP DSC 9.X STIG (Ver 2, Rel 3) NetApp ONTAP DSC 9.x
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - NetApp ONTAP DSC 9.x STIG - Ver 2, Rel 3
Rancher Government Solutions Multi-Cluster Manager STIG (Ver 2, Rel 2) Kubernetes
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Rancher Government Solutions Multi-Cluster Manager STIG - Ver 2, Rel 2
Oracle Database 19c STIG (Ver 1, Rel 4) Oracle Database 19c
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Oracle Database 19c STIG - Ver 1, Rel 4
Rancher Government Solutions RKE2 STIG (Ver 2, Rel 5) Rancher RKE2
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Rancher Government Solutions RKE2 STIG - Ver 2, Rel 5
Microsoft Project 2016 STIG (Version 1, Release 1) Microsoft Project 2016
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Microsoft Project 2016 STIG - Ver 1, Rel 1
Cloud Linux AlmaLinux OS 9 STIG (Ver 1, Rel 5) AlmaLinux OS 9
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Cloud Linux AlmaLinux OS 9 STIG - Ver 1, Rel 5
Juniper EX Series Switches STIG (Y26M01) Juniper EX2300
Juniper EX3400
Juniper EX4100
Juniper EX4300
Juniper EX4600
Juniper EX4650
Juniper EX9200
Juniper EX9250
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Juniper EX Series Switches STIG
Microsoft Entra ID STIG (Ver 1, Rel 1) Microsoft Entra ID
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Microsoft Entra ID STIG - Ver 1, Rel 1
SUSE Linux Enterprise Server (SLES) 15 STIG for Ansible (Ver 2, Rel 6) SUSE Linux Enterprise Server 15
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Server 15 for Ansible - Ver 2, Rel 6
Zebra Android 11 COBO STIG (Ver 1, Rel 4) Google Android 11.0
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Sunset-Zebra Android 11 COBO STIG - Ver 1, Rel 4
Dragos Platform 2.x STIG (Ver 1, Rel 5) Dragos Platform
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Dragos Platform 2.x STIG - Ver 1, Rel 5
Xylok Security Suite 20.x STIG (Ver 1, Rel 2) Xylok Security Suite
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Xylok Security Suite 20.x STIG - Ver 1, Rel 2
Red Hat OpenShift Container Platform 4.12 STIG (Ver 2, Rel 5) Red Hat OpenShift Container Platform 4.12
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - Red Hat OpenShift Container Platform 4.x STIG - Ver 2, Rel 5
IBM WebSphere Liberty Server STIG (Ver 2, Rel 3) IBM WebSphere Liberty Server
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - IBM WebSphere Liberty Server STIG - Ver 2, Rel 3
SUSE Linux Enterprise Micro 5 STIG (Ver 1, Rel 3) SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.5
 Defense Information Systems Agency
 01/23/2026 Standalone XCCDF 1.1.4 - SUSE Linux Enterprise Micro 5 STIG - Ver 1, Rel 3
Fortinet FortiGate Firewall STIG (Y26M01) Fortinet Fortigate Firewall
 Defense Information Systems Agency
 01/22/2026 Standalone XCCDF 1.1.4 - Fortinet FortiGate Firewall STIG
* This checklist is still undergoing review for inclusion into the NCP.