National Checklist Program Repository

The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 2, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards based security tools to automatically perform configuration checking using NCP checklists. For more information relating to the NCP please visit the information page or the glossary of terms.

Search for Checklist using the fields below. The keyword search will search across the name, and summary.

Checklist Results
Tier Target Product Product Category Authority Publication Date Checklist Name (Version) Resources
II
  • Microsoft Exchange Server 2003
  • Email Server
  • Defense Information Systems Agency
 01/28/2011 Microsoft Exchange 2003 STIG (Version 1, Release 4)
II
  • Microsoft Exchange Server 2010
  • Email Server
  • Defense Information Systems Agency
 12/17/2012 Microsoft Exchange 2010 STIG (Version 1 Release 1)
I
  • Microsoft Exchange Server 2003
  • Microsoft Windows Mobile 5.0
  • Microsoft Windows Mobile 6.0
  • Microsoft Windows Mobile 6.1
  • Email Server
  • Wireless Email
  • Defense Information Systems Agency
 04/14/2009 Windows Mobile Messaging Wireless Email System Security Checklist (Version 5, Release 2.4)
I
  • Exchange 2007 for Windows Server 2003
  • Email Server
  • Center for Internet Security (CIS)
 07/02/2010 CIS Exchange Server 2007 Benchmark (Version 1.1.0)
I
  • Microsoft Exchange Server 2003
  • Email Server
  • Center for Internet Security (CIS)
 12/01/2007 CIS Exchange Server 2003 Benchmark (v1.0.0)
* This checklist is still undergoing review for inclusion into the NCP at this tier ranking.