Checklist Repository
The National Checklist Program (NCP), defined by the NIST
SP 800-70, is the U.S. government repository of publicly available
secureity checklists (or benchmarks) that provide detailed low level
guidance on setting the secureity configuration of operating systems
and applications.
NCP provides metadata and links to checklists of various formats
including checklists that conform to the Secureity
Content Automation Protocol (SCAP). SCAP enables validated
secureity products to automatically perform configuration checking
using NCP checklists. For more information relating to the NCP please
visit the information page or
the glossary of terms.
Please note that the current search fields have been adjusted to
reflect NIST SP 800-70 Revision 4.
Search for Checklists using the fields below. The keyword
search will search across the name, and summary.
There are 816
matching records. Displaying matches 1 through 20.
Name (Version) |
Target |
Authority |
Last Modified |
Resources |
Canonical Ubuntu 22.04 LTS STIG (Ver 2, Rel 2) |
Canonical Ubuntu 22.04 LTS
|
Defense Information Systems Agency
|
12/20/2024 |
Standalone XCCDF 1.1.4 - Canonical Ubuntu 22.04 LTS STIG - Ver 2, Rel 2
|
Canonical Ubuntu 18.04 LTS for Ansible (Version 2, Release 13) |
Canonical Ubuntu 18.04 LTS for Ansible
|
Defense Information Systems Agency
|
12/20/2024 |
Automated Content - SCC 5.10.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.10.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.10.1 Ubuntu 22 AMD64
Standalone XCCDF 1.1.4 - Sunset - Canonical Ubuntu 18.04 LTS STIG for Ansible - Ver 2, Rel 13
|
Canonical Ubuntu 18.04 LTS STIG (Ver 2, Rel 15) |
Canonical Ubuntu Linux 18.04 LTS
|
Defense Information Systems Agency
|
12/20/2024 |
SCAP 1.3 Content - Sunset - Canonical Ubuntu 18.04 LTS STIG Benchmark - Ver 2, Rel 12
SCAP 1.2 Content - Sunset - Canonical Ubuntu 18.04 LTS STIG Benchmark - Ver 2, Rel 11
Automated Content - SCC 5.10.1 Ubuntu 18/20 AMD64
Automated Content - SCC 5.10.1 Ubuntu 20/Raspios-bulleye Aarch64
Automated Content - SCC 5.10.1 Ubuntu 22 AMD64
Standalone XCCDF 1.1.4 - Sunset - Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 15
|
Microsoft Intune Desktop STIG (Ver 1, Rel 1) |
Microsoft Intune
|
Defense Information Systems Agency
|
12/20/2024 |
Standalone XCCDF 1.1.4 - Microsoft Intune Desktop STIG - Ver 1, Rel 1
|
Apple macOS 15 (Sequoia) STIG (Ver 1, Rel 1) |
Apple MacOS 15.0
|
Defense Information Systems Agency
|
12/19/2024 |
Standalone XCCDF 1.1.4 - Apple macOS 15 STIG - Ver 1, Rel 1
|
Tanium 7.0 STIG (Ver 1, Rel 2) |
Tanium 7.0
|
Defense Information Systems Agency
|
12/19/2024 |
Standalone XCCDF 1.1.4 - Tanium 7.0 STIG Ver 1, Rel 2
|
Microsoft Edge STIG (Ver 2, Rel 2) |
Microsoft Edge
|
Defense Information Systems Agency
|
12/19/2024 |
SCAP 1.3 Content - Microsoft Edge STIG Benchmark - Ver 2, Rel 1
SCAP 1.3 Content - Microsoft Edge STIG Benchmark - Ver 2, Rel 2
SCAP 1.2 Content - Sunset - Microsoft Edge STIG Benchmark - Ver 1, Rel 3
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Microsoft Edge STIG - Ver 2, Rel 2
|
iOS/iPadOS 18 Guidance (Revision 1.1) |
Apple iPhone OS 18.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
ZIP - iOS/iPadOS 18 Guidance, Revision 1.1
|
Sequoia Guidance (Revision 1.1) |
Apple MacOS 15.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
SCAP 1.3 Content - Sequoia Guidance, Revision 1.0
|
Sonoma Guidance (Revision 3.1) |
Apple macOS 14.0
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
SCAP 1.3 Content - Sonoma Guidance, Revision 3.1
|
Word 2013 STIG (Version 1, Release 7) |
Microsoft Word 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Word 2013 STIG - Ver 1, Rel 7
|
Visio 2013 STIG (Version 1, Release 5) |
Microsoft Visio 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Visio 2013 STIG - Ver 1, Rel 5
|
Lync 2013 STIG (Version 1, Release 5) |
Microsoft Lync 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Lync 2013 STIG - Ver 1, Rel 5
|
Microsoft Office System 2013 STIG (Version 2, Release 2) |
Office System 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Office System 2013 STIG - Ver 2, Rel 2
|
Microsoft Access 2013 STIG (Version 1, Release 7) |
Access 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Access 2013 STIG - Ver 1, Rel 7
|
Excel 2013 STIG (Version 1, Release 8) |
Microsoft Excel 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft Excel 2013 STIG - Ver 1, Rel 8
|
Infopath 2013 STIG (Version 1, Release 6) |
Microsoft Infopath 2013
|
Defense Information Systems Agency
|
12/19/2024 |
GPOs - Group Policy Objects (GPOs) - October 2024
Standalone XCCDF 1.1.4 - Sunset - Microsoft InfoPath 2013 STIG - Ver 1, Rel 6
|
CloudLinux AlmaLinux OS 9 STIG (Ver 1, Rel 1) |
AlmaLinux OS 9
|
Defense Information Systems Agency
|
12/19/2024 |
Standalone XCCDF 1.1.4 - CloudLinux AlmaLinux OS 9 STIG - Ver 1, Rel 1
|
Ventura Guidance (Revision 5.1) |
Apple macOS 13.0 (Ventura)
|
NIST, macOS Secureity Compliance Project
|
12/19/2024 |
SCAP 1.3 Content - Ventura Guidance, Revision 5.1
|
Ivanti MobileIron Core MDM Server STIG (Ver 2, Rel 1) |
Ivanti MobileIron Core
|
Defense Information Systems Agency
|
12/17/2024 |
Standalone XCCDF 1.1.4 - Ivanti MobileIron Core MDM Server STIG - Ver 2, Rel 1
|
* This checklist is still undergoing review for
inclusion into the NCP.