U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Specification for the Extensible Configuration Checklist Description Format (XCCDF), Version 1.1.3

Published

Author(s)

Neal Ziring, Stephen Quinn

Abstract

The Cyber Security Research and Development Act of 2002 tasks the National Institute of Standards and Technology (NIST) to "develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system that is, or is likely to become widely used within the Federal Government." Such checklists, when combined with well-developed guidance, leveraged with high-quality security expertise, vendor product knowledge, operational experience, and accompanied with tools, can markedly reduce the vulnerability exposure of an organization. Pursuant to the NIST response to the Federal Information Security Management Act (FISMA) and according the NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, this standardized XML format enables an automated provisioning of recommendations for minimum security controls for information systems categorized in accordance with Federal Information Processing Standards (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems.
Citation
NIST Interagency/Internal Report (NISTIR) - 7275 rev 2
Report Number
7275 rev 2
NIST Pub Series
NIST Interagency/Internal Report (NISTIR)
Pub Type
NIST Pubs

Keywords

benchmark, checklist, FISMA, security controls, vulnerability, XCCDF
Cybersecurity and privacy

Citation

Ziring, N. and Quinn, S. (2007), Specification for the Extensible Configuration Checklist Description Format (XCCDF), Version 1.1.3, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed April 30, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 29, 2007, Updated October 12, 2021
Was this page helpful?