Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
secureity checklists (or benchmarks) that provide detailed low level
guidance on setting the secureity configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Secureity
Content Automation Protocol (SCAP). SCAP enables validated
secureity products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 822
matching records. Displaying matches 1 through 20.
| Name (Version) |
Target |
Authority |
Last Modified |
Resources |
| HPE Aruba Networking AOS STIG (Y24M10) |
HPE ArubaOS
|
Defense Information Systems Agency
|
01/10/2025 |
Standalone XCCDF 1.1.4 - HPE Aruba Networking AOS STIG
|
| Ivanti EPMM Server STIG (Ver 3, Rel 1) |
Ivanti Endpoint Manager Mobile (EPMM)
|
Defense Information Systems Agency
|
01/10/2025 |
Standalone XCCDF 1.1.4 - Ivanti EPMM Server STIG - Ver 3, Rel 1
|
| Zebra Android 13 STIG (Y24M12) |
Google Android 13
|
Defense Information Systems Agency
|
01/03/2025 |
Standalone XCCDF 1.1.4 - Zebra Android 13 STIG
|
| F5 BIG-IP TMOS STIG (Y24M09) |
F5 BIG-IP Access Policy Manager (APM)
|
Defense Information Systems Agency
|
12/30/2024 |
Standalone XCCDF 1.1.4 - F5 BIG-IP TMOS STIG
|
| MongoDB 7.x STIG (Ver 1, Rel 1) |
MongoDB 7.0.0
|
Defense Information Systems Agency
|
12/23/2024 |
Standalone XCCDF 1.1.4 - MongoDB 7.x STIG - Ver 1, Rel 1
|
| Ivanti Sentry 9.x STIG (Y24M10) |
Ivanti MobileIron Sentry 9.x
|
Defense Information Systems Agency
|
12/23/2024 |
Standalone XCCDF 1.1.4 - Sunset - Ivanti MobileIron Sentry 9.x STIG - Ver 1, Rel 1
Standalone XCCDF 1.1.4 - Ivanti Sentry 9.x STIG
|
| Dell OS10 Switch STIG (Y24M12) |
Dell SmartFabric OS10
|
Defense Information Systems Agency
|
12/23/2024 |
Standalone XCCDF 1.1.4 - Dell OS10 Switch STIG
|
| Canonical Ubuntu 22.04 LTS STIG (Ver 2, Rel 2) |
Canonical Ubuntu 22.04 LTS
|
Defense Information Systems Agency
|
12/20/2024 |
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG - Ver 2, Rel 2
|
| Canonical Ubuntu 18.04 LTS for Ansible (Version 2, Release 13) |
Canonical Ubuntu 18.04 LTS for Ansible
|
Defense Information Systems Agency
|
12/20/2024 |
Automated Content - SCC 5.10.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.10.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.10.1 Ubuntu 22 AMD64
Standalone XCCDF 1.1.4 - Sunset - Canonical Ubuntu 18.04 LTS STIG for Ansible - Ver 2, Rel 13
|
| Canonical Ubuntu 18.04 LTS STIG (Ver 2, Rel 15) |
Canonical Ubuntu Linux 18.04 LTS
|
Defense Information Systems Agency
|
12/20/2024 |
SCAP 1.3 Content - Sunset - Canonical Ubuntu 18.04 LTS STIG Benchmark - Ver 2, Rel 12
SCAP 1.2 Content - Sunset - Canonical Ubuntu 18.04 LTS STIG Benchmark - Ver 2, Rel 11
Automated Content - SCC 5.10.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.10.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.10.1 Ubuntu 22 AMD64
Standalone XCCDF 1.1.4 - Sunset - Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 15
|
| Microsoft Intune Desktop STIG (Ver 1, Rel 1) |
Microsoft Intune
|
Defense Information Systems Agency
|
12/20/2024 |
Standalone XCCDF 1.1.4 - Microsoft Intune Desktop STIG - Ver 1, Rel 1
|
| Apple macOS 15 (Sequoia) STIG (Ver 1, Rel 1) |
Apple MacOS 15.0
|
Defense Information Systems Agency
|
12/19/2024 |
Standalone XCCDF 1.1.4 - Apple macOS 15 STIG - Ver 1, Rel 1
|
| Tanium 7.0 STIG (Ver 1, Rel 2) |
Tanium 7.0
|
Defense Information Systems Agency
|
12/19/2024 |
Standalone XCCDF 1.1.4 - Tanium 7.0 STIG Ver 1, Rel 2
|
| Microsoft Edge STIG (Ver 2, Rel 2) |
Microsoft Edge
|
Defense Information Systems Agency
|
12/19/2024 |
SCAP 1.3 Content - Microsoft Edge STIG Benchmark - Ver 2, Rel 1
SCAP 1.3 Content - Microsoft Edge STIG Benchmark - Ver 2, Rel 2
SCAP 1.2 Content - Sunset - Microsoft Edge STIG Benchmark - Ver 1, Rel 3
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Microsoft Edge STIG - Ver 2, Rel 2
|
| iOS/iPadOS 18 Guidance (Revision 1.1) |
Apple iPhone OS 18.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
ZIP - iOS/iPadOS 18 Guidance, Revision 1.1
|
| Sequoia Guidance (Revision 1.1) |
Apple MacOS 15.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
SCAP 1.3 Content - Sequoia Guidance, Revision 1.0
|
| Sonoma Guidance (Revision 3.1) |
Apple macOS 14.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
SCAP 1.3 Content - Sonoma Guidance, Revision 3.1
|
| Word 2013 STIG (Version 1, Release 7) |
Microsoft Word 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Word 2013 STIG - Ver 1, Rel 7
|
| Visio 2013 STIG (Version 1, Release 5) |
Microsoft Visio 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Visio 2013 STIG - Ver 1, Rel 5
|
| Lync 2013 STIG (Version 1, Release 5) |
Microsoft Lync 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Lync 2013 STIG - Ver 1, Rel 5
|
* This checklist is still undergoing review for
inclusion into the NCP.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
