To facilitate development of security configuration checklists for IT products and to make checklists more organized and usable, NIST established the NCP as described in the NIST Special Publication 800-70. NIST maintains a checklist repository that contains descriptions of checklists. Users of this web site can browse the descriptions to locate a particular checklist using a variety of criteria, including the product category, vendor name, and submitting organization.
Goals for the NCP are as follows:
- Facilitate development and sharing of checklists by providing a formal framework for vendors and other checklist developers to submit checklists to NIST
- Provide guidance to developers to help them create standardized, high-quality checklists that conform to common operational environments
- Help developers and users by providing guidelines for making checklists better documented and more usable
- Encourage IT product vendors and other parties to develop checklists and to configure their products based on those checklists
- Provide a managed process for the review, update, and maintenance of checklists
- Provide an easy-to-use repository of checklists
- Provide checklist content in a standardized format
- Encourage the use of automation technologies for checklist application.