Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Configuration Checklists for Commercial IT Products


NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. The IT product may be commercial, open source, government-off-the-shelf (GOTS), etc.To facilitate development of security configuration checklists for IT products and to make checklists more organized and usable, NIST established the National Checklist Program.


For more information regarding the Security Configuration Checklists for Commercial IT Products (now part of the National Checklist Repository), please visit the Computer Security Resource Center (CSRC).

Created July 2, 2009, Updated March 19, 2018