U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

Checklist Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

NCP provides metadata and links to checklists of various formats including checklists that conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security products to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.
Please note that the current search fields have been adjusted to reflect NIST SP 800-70 Revision 4.

Search for Checklists using the fields below. The keyword search will search across the name, and summary.

There are 787 matching records. Displaying matches 771 through 787.

Name (Version) Target Authority Last Modified Resources
USGCB Internet Explorer 7 (2.1.x.1) Microsoft Internet Explorer 7
 USGCB/TIS
 03/30/2018 SCAP 1.2 Content - USGCB Internet Explorer 7 SCAP Content using OVAL version 5.10
GPOs - USGCB IE7 GPOs
Prose - This is the human readable version of the USGCB settings.
Remote XenApp ICA Thin Client STIG (Version 2, Release 7) Citrix XenApp
 Defense Information Systems Agency
 03/05/2018 Standalone XCCDF 1.1.4 - Remote XenApp ICA Thin Client STIG - Version 2, Release 7
FBI CJIS Compliance Profile for Red Hat Enterprise Linux 7 (RHEL7) (v0.1.31) Red Hat Enterprise Linux 7.0
Red Hat Enterprise Linux 7.1
Red Hat Enterprise Linux 7.2
Red Hat Enterprise Linux 7.3
 Red Hat
 12/04/2017 Machine-Readable Format - SCAP Datastream
JBoss Enterprise Application Platform (EAP) (5.x) Red Hat JBoss Enterprise Application Platform 5.0.0
Red Hat JBoss Enterprise Application Platform 5.0.1
Red Hat JBoss Enterprise Application Platform 5.1.0
Red Hat JBoss Enterprise Application Platform 5.1.1
Red Hat JBoss Enterprise Application Platform 5.1.2
 Red Hat
 10/23/2017 SCAP 1.1 Content - JBoss Enterprise Application Platform (EAP)
KM-8030 MFP Security Checklist (Version 1) Kyocera KM-8030 MFP
 Kyocera Mita America INC
 09/20/2017 Prose - KM-8030 MFP Security Checklist
Kyocera KM-6030 Security Checklist (1.1) Kyocera KM-6030
 Kyocera Mita America INC
 09/20/2017 Prose - Kyocera KM-6030 Security Checklist
Vanguard DB2 z/OS RACF Checklist (6.1) IBM DB2 8.1
IBM OS390
IBM RACF
IBM Z/OS Version 1, Release 9
IBM z/OS Version 1 Release 10
IBM z/OS Version 1 Release 11
IBM z/OS Version 1 Release 12
IBM z/OS Version 2, Release 1
IBM z/OS Version 2.1
 Vanguard Integrity Professionals, Inc.
 09/08/2017 Machine-Readable Format - Vanguards DB2 Checkslist for RACF on z/OS
Samsung Knox Android 1.0 STIG (Version 2 Release 2) Samsung Knox Android 1.0
 Defense Information Systems Agency
 08/16/2017 Standalone XCCDF 1.1.4 - Samsung Knox Android 1.0 STIG Version 2 Release 2
Macintosh Operating System X 10.5 (Version 1, Release 2) Apple Mac OS X 10.5
 Defense Information Systems Agency
 08/15/2017 Standalone XCCDF 1.1.4 - Mac OS X 10.5 STIG, Version 1, Release 2
BlackBerry PlayBook OS v2.1 STIG (Version 1, Release 2) Research in Motion BlackBerry PlayBook OS 2.1
 Defense Information Systems Agency
 08/15/2017 Standalone XCCDF 1.1.4 - BlackBerry PlayBook OS v2.1 STIG Version 1, Release 2
Java Runtime Environment (JRE) 7 (Version 1, Release 5) Oracle Java Runtime Environment (JRE) 1.7.0
 Defense Information Systems Agency
 08/15/2017 Standalone XCCDF 1.1.4 - Java Runtime Environment (JRE) 7 - Version 1, Release 5
Java Runtime Environment (JRE) 6 (Version 1, Release 5) Sun JRE 1.6.0
 Defense Information Systems Agency
 08/15/2017 Standalone XCCDF 1.1.4 - Java Runtime Environment (JRE) 6, Version 1, Release 5
NIST SP 800-68 (R1.2.0) Microsoft Windows XP
 NIST National Vulnerability Database
 06/01/2017 Prose - NIST Prose Guidance for Windows XP.
Prose - This FDCC resource has been deprecated by USGCB content.
APT-Suspicious file names and file locations (v0.4) Microsoft Windows 7
Microsoft Windows XP
 CyberESI
 05/06/2017 SCAP 1.2 Content - APT - Suspicious file names and file locations
NIST SP 800-43 (Update R1.2.3) Microsoft Windows 2000
 NIST, Computer Security Division
 09/12/2014 Security Template - The security template for the checklist entitled NIST 800-43.
Standalone XCCDF 1.1.4 - The XCCDF representation of the checklist entitled NIST SP 800-43.
Prose - The landing page for the NIST SP 800-43 checklist.
Suspicious file names and file locations (v0.3) Microsoft Windows XP
 CyberESI
 06/07/2011 SCAP 1.1 Content - Suspicious file names and file locations
HP LaserJet 4345 MFP Security Checklist (Version 1) HP LaserJet 4345 MFP
 HP
 07/23/2009 Prose - HP LaserJet 4345 MFP Security Checklist
* This checklist is still undergoing review for inclusion into the NCP.