National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 1, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards based security tools to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklist using the fields below. The keyword search will search across the name, and summary.

Checklist Results
Tier Target Product Product Category Authority Publication Date Checklist Name (Version) Resources
IV
  • Microsoft Internet Explorer 7
  • Web Browser
  • OMB
 06/19/2008 FDCC IE7 (1.2)
IV
  • Microsoft Windows Vista
  • Operating System
  • OMB
 06/19/2008 FDCC Windows Vista (1.2)
IV
  • Microsoft Windows Vista
  • Operating System
  • OMB
 06/19/2008 FDCC Windows Vista Firewall (1.2)
IV
  • Microsoft Windows XP Pro SP2
  • Microsoft Windows XP Pro SP3
  • Operating System
  • OMB
 06/19/2008 FDCC Windows XP Firewall (1.2)
IV
  • Microsoft Windows XP Pro SP2
  • Microsoft Windows XP Pro SP3
  • Operating System
  • OMB
 06/19/2008 FDCC Windows XP (1.2)
III*
  • Microsoft Internet Explorer
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Enterprise Edition
  • Web Browser
  • Operating System
  • Defense Information Systems Agency
04/08/2009 Windows Vista Security Checklist (Version 6 Release 1.12)
III*
  • Microsoft Windows 2000
  • Operating System
  • Defense Information Systems Agency
03/31/2008 Windows 2000 Security Checklist (Version 6, Release 1.12)
III
  • Microsoft Windows XP
  • Operating System
  • NIST, Computer Security Division
 09/30/2007 NIST SP 800-68 (R1.2.0)
III*
  • Microsoft Windows XP
  • Operating System
  • Defense Information Systems Agency
04/08/2009 Windows XP Security Checklist (Version 6, Release 1.12)
III*
  • Microsoft Windows XP Pro SP2
  • Symantec Antivirus
  • Antivirus Software
  • Operating System
  • Defense Information Systems Agency
07/24/2009 Desktop Application Security Checklist (Version 3, Release 1.11)
III*
  • Redhat Enterprise Linux 4.0
  • Operating System
  • Defense Information Systems Agency
03/31/2008 UNIX Security Checklist (Version 5, Release 1.18)
III*
  • Sun Solaris 9
  • Operating System
  • Defense Information Systems Agency
03/31/2008 UNIX Security Checklist (Version 5, Release 1.18)
III*
  • Microsoft Windows Server 2003
  • Operating System
  • Microsoft Corporation
 04/25/2006 Windows Server 2003 Systems for Domain Controllers (2.1)
III*
  • Microsoft Windows Server 2003
  • Operating System
  • Microsoft Corporation
 04/25/2006 Windows Server 2003 Security Guide for Member Servers (2.1)
III*
  • Redhat Enterprise Linux 5.0
  • Operating System
  • Red Hat
 03/27/2008 SCAP: Guide To The Secure Configuration of Red Hat Enterprise Linux 5 (1.0)
III*
  • Sun Solaris 10.0
  • Operating System
  • Sun Microsystems
  • Center for Internet Security (CIS)
 03/27/2008 SCAP: Guidance for Securing Sun Microsystems Solarais 10 Systems for IT Professional (1.0)
III*
  • Microsoft Office 2007
  • Office Suite
  • Not Available
 03/28/2007 SCAP: Guidance for Securing Microsoft Office 2007 for IT Professional (0.4)
II*
  • HP HP-UX 11
  • Operating System
  • Defense Information Systems Agency
03/31/2008 UNIX Security Checklist (Version 5, Release 1.18)
II*
  • IBM AIX 5
  • Operating System
  • Defense Information Systems Agency
03/31/2008 UNIX Security Checklist (Version 5, Release 1.18)
II
  • Microsoft Office SharePoint Server 2007
  • Enterprise Application
  • National Security Agency
 03/23/2008 SharePoint Server 2007 Security Guide (2007)
* This checklist is still undergoing review for inclusion into the NCP at this tier ranking.