Security Configuration Checklists Program for IT Products: Guidance For Checklists Users and Developers



Murugiah P. Souppaya, John P. Wack, Karen Kent


[Superseded by SP 800-70 Rev. 1 (September 2009):] The National Institute of Standards and Technology (NIST) has produced Security Configuration Checklists Program for IT Products: Guidance for Checklist Users and Developers to facilitate the development and dissemination of security configuration checklists so that organizations and individual users can better secure their IT products. A security configuration checklist (sometimes called a lockdown or hardening guide or benchmark) is in its simplest form a series of instructions for configuring a product to a particular security level (or baseline). It could also include templates or automated scripts and other procedures. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations such as consortia, academia, and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists may be particularly helpful to small organizations and individuals that have limited resources for securing their systems. This publication is intended for users and developers of IT product security configuration checklists. For checklist users, this document gives an overview of the NIST Checklist Program, explains how to retrieve checklists from NIST's repository, and provides general information about threat discussions and baseline technical security practices for associated operational environments. For checklist developers, the document sets forth the policies, procedures, and general requirements for participation in the NIST Checklist Program.
Special Publication (NIST SP) - 800-70


checklists, IT products, security configuration


Souppaya, M., Wack, J. and Kent, K. (2005), Security Configuration Checklists Program for IT Products: Guidance For Checklists Users and Developers, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed May 26, 2024)



Created May 1, 2005, Updated February 19, 2017