National Checklist Program

The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security tools to automatically perform configuration checking using SCAP expressed NCP checklists.

To facilitate development of security configuration checklists for IT products and to make checklists more organized and usable, NIST established the NCP as described in the NIST Special Publication 800-70. NIST maintains a checklist repository that contains descriptions of checklists. Users of this web site can browse the descriptions to locate a particular checklist using a variety of criteria, including the product category, vendor name, and submitting organization.

Goals for the NCP are as follows:

• Facilitate development and sharing of checklists by providing a formal framework for vendors and other checklist developers to submit checklists to NIST
• Provide guidance to developers to help them create standardized, high-quality checklists that conform to common operational environments
• Help developers and users by providing guidelines for making checklists better documented and more usable
• Encourage IT product vendors and other parties to develop checklists and to configure their products based on those checklists
• Provide a managed process for the review, update, and maintenance of checklists
• Provide an easy-to-use repository of checklists
• Provide checklist content in a standardized format
• Encourage the use of automation technologies for checklist application.

The National Checklist Program website is the centralized repository of security configuration setting guidance.  NIST derived this list of checklist In cooperation with Federal Agencies, private industry, and other organizations.