National Checklist Program Repository

The National Checklist Program (NCP), defined by NIST SP 800-70 Rev. 2, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed, low-level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables standards-based security tools to automatically perform configuration checking using NCP checklists. For more information relating to the NCP, please visit the information page or the glossary of terms.


Checklist Results
| Tier | Target Product | Product Category | Authority | Publication Date | Checklist Name (Version) |
|---|---|---|---|---|---|
| III | Oracle Weblogic Server | Web Server | National Security Agency; MITRE | 06/15/2011 | Oracle Weblogic Server (11G) |
| III* | Red Hat JBOSS Enterprise Application Platform 5.0.0; Red Hat JBOSS Enterprise Application Platform 5.0.1; Red Hat JBOSS Enterprise Application Platform 5.1.0; Red Hat JBoss Enterprise Application Platform 5.1.1; Red Hat JBoss Enterprise Application Platform 5.1.2 | Application Server; Web Server | Red Hat | 06/08/2012 | JBoss Enterprise Application Platform (EAP) (5.x) |
| II | Apache Tomcat 4.1.31; Apache Tomcat 5.5.9; Apache Tomcat 5.0.28; Microsoft Internet Information Services; Apache HTTP Server 2.0; Apache HTTP Server 1.3; Apache Tomcat; Sun iPlanet Web Server; Oracle Weblogic Server; Apache HTTP Server 2.2; lighttpd web server | Application Server; Web Server | Defense Information Systems Agency | 09/20/2010 | Web Server STIG (Version 7, Release 1) |
| II | Microsoft Internet Information Services; Apache HTTP Server 2.0; Apache HTTP Server 1.3; Apache HTTP Server 2.2 | Web Server | Defense Information Systems Agency | 10/28/2011 | Web Policy STIG (Version 1, Release 1) |
| II | Apache HTTP Server 2.0 | Web Server | Defense Information Systems Agency | 11/23/2011 | Apache 2.0 STIG - UNIX (Version 1, Release 1) |
| II | Apache HTTP Server 2.0 | Web Server | Defense Information Systems Agency | 11/23/2011 | Apache 2.0 STIG - Windows (Version 1, Release 1) |
| II* | Apache HTTP Server 2.2 | Web Server | Defense Information Systems Agency | 11/23/2011 | Apache 2.2 STIG - UNIX (Version 1, Release 2) |
| II* | Apache HTTP Server 2.2 | Web Server | Defense Information Systems Agency | 11/23/2011 | Apache 2.2 STIG - Windows (Version 1, Release 2) |
| II | Microsoft Internet Information Services 6.0 | Web Server | Defense Information Systems Agency | 10/31/2011 | IIS 6.0 STIG (Version 6, Release 13) |
| II* | Microsoft Internet Information Services 7.0 | Web Server | Defense Information Systems Agency | 10/31/2011 | IIS 7.0 STIG (Version 1, Release 3) |
| I* | Apache HTTP Server 2.0; Apache HTTP Server 1.3 | Web Server | Defense Information Systems Agency | 04/23/2010 | Web Apache Checklist (Version 6, Release 1.12) |
| I | Apache HTTP Server 2.0; Apache HTTP Server 1.3 | Web Server | Center for Internet Security (CIS) | 01/01/2008 | Apache Benchmark for Unix, Levels I and II (Version 2.1) |
| I* | Apache HTTP Server 2.2 | Web Server | Center for Internet Security (CIS) | 11/17/2011 | Apache HTTP Server 2.2 (Version 3.0.0) |

* This checklist is still undergoing review for inclusion into the NCP at this tier ranking.