The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP is migrating its repository of checklists to conform to the Security Content Automation Protocol (SCAP). SCAP enables validated security tools to automatically perform configuration checking using SCAP expressed NCP checklists.
To facilitate development of security configuration checklists for IT products and to make checklists more organized and usable, NIST established the NCP as described in the NIST Special Publication 800-70. NIST maintains a checklist repository that contains descriptions of checklists. Users of this web site can browse the descriptions to locate a particular checklist using a variety of criteria, including the product category, vendor name, and submitting organization.
Goals for the NCP are as follows:
The National Checklist Program website is the centralized repository of security configuration setting guidance. NIST derived this list of checklist In cooperation with Federal Agencies, private industry, and other organizations.
Lead Organizational Unit:ITL
Related Programs and Projects:
100 Bureau Drive