National Vulnerability Database (NVD) National Checklist Program Repository

National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 2, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards based security tools to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklist using the fields below. The keyword search will search across the name, and summary.

Tier:

Target Product:

Product Category:

Authority:

Keyword:

Checklist Results
Tier	Target Product	Product Category	Authority	Publication Date	Checklist Name (Version)	Resources
III	Microsoft .NET Framework 4.0	Application Server	Defense Information Systems Agency	08/10/2012	Microsoft .NET Framework 4 (Version 1, Release 1)	Standalone XCCDF - Microsoft .NET Framework 4.0 STIG Version 1, Release 1 SCAP 1.0 Content - Microsoft .NET Framework 4 Benchmark, Version 1, Release 1
III*	Red Hat JBOSS Enterprise Application Platform 5.0.0 Red Hat JBOSS Enterprise Application Platform 5.0.1 Red Hat JBOSS Enterprise Application Platform 5.1.0 Red Hat JBoss Enterprise Application Platform 5.1.1 Red Hat JBoss Enterprise Application Platform 5.1.2	Application Server Web Server	Red Hat	06/08/2012	JBoss Enterprise Application Platform (EAP) (5.x)	SCAP 1.1 Content - JBoss Enterprise Application Platform (EAP)
II	Apache Tomcat 4.1.31 Apache Tomcat 5.5.9 Apache Tomcat 5.0.28 Microsoft Internet Information Services Apache HTTP Server 2.0 Apache HTTP Server 1.3 Apache Tomcat Sun iPlanet Web Server Oracle Weblogic Server Apache HTTP Server 2.2 lighttpd web server	Application Server Web Server	Defense Information Systems Agency	09/20/2010	Web Server STIG (Version 7, Release 1)	Standalone XCCDF - Web Server STIG, Version 7, Release 1
I	BEA WebLogic Server 7.0 sp6 Sun JRE 5.0 Update 4 Sun JVM JDK 5.0 Update 4 Apache Tomcat	Application Server	Defense Information Systems Agency	07/31/2006	Application Services STIG Checklist (Version 1 Release 1.1)	Prose - Application Services Checklist - Version 1 Release 1.1 Prose - Application Services STIG - Version 1 Release 1
I	Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5	Application Server	Defense Information Systems Agency	02/18/2009	.NET Framework Security Checklist (Version 1, Release 2.3)	Prose - .NET Framework Security Checklist
I	Sun Application Server	Application Server	Defense Information Systems Agency	06/26/2009	WEB Netscape / Sun JAVA CHECKLIST (Version 6 Release 1.6)	Prose - WEB Netscape / Sun JAVA Checklist

* This checklist is still undergoing review for inclusion into the NCP at this tier ranking.