SCAP Checklists Information Reference
The SCAP format has become the preferred format for all new security checklists.
The National Checklist Program (NCP) is presently migrating its repository of checklists to conform to SCAP. According to NIST:
Tier III NCP checklists SHOULD work with SCAP-validated tools; and
Tier IV checklists WILL work with SCAP-validated tools.
Tier III NCP SCAP Checklists
(as of October 10, 2009)
Target Product Product Category Authority Checklist Name (Version)
Microsoft Internet Explorer
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise Edition Operating System Web Browser DISA Windows Vista Security Checklist (Version 6 Release 1.13)
Microsoft Windows 2000 Operating System DISA Windows 2000 Security Checklist (Version 6, Release 1.13)
Microsoft Windows XP Operating System DISA Windows XP Security Checklist (Version 6, Release 1.13)
Microsoft Windows XP Pro SP2
Symantec Antivirus Antivirus Software
Operating System DISA Desktop Application Security Checklist (Version 3, Release 1.11)
Redhat Enterprise Linux 4.0 Operating System DISA UNIX Security Checklist (Version 5, Release 1.19)
Sun Solaris 9 Operating System DISA UNIX Security Checklist (Version 5, Release 1.19)
Microsoft Windows Server 2003 Operating System Microsoft Windows Server 2003 Security Guide for Member Servers (2.1)
Microsoft Windows Server 2003 Operating System Microsoft Windows Server 2003 Systems for Domain Controllers (2.1)
Redhat Enterprise Linux 5.0 Operating System Red Hat SCAP: Guide To The Secure Configuration of Red Hat Enterprise Linux 5 (1.0)
Sun Solaris 10.0 Operating System Sun Microsystems SCAP: Guidance for Securing Sun Microsystems Solarais 10 Systems for IT Professional (1.0)
Microsoft Office 2007 Office Suite Not Available SCAP: Guidance for Securing Microsoft Office 2007 for IT Professional (0.4)
DISA = U.S. Defense Information Systems Agency
Tier IV NCP SCAP Checklists
(as of October 10, 2009)
Target Product Product Category Authority Checklist Name (Version)
Microsoft Internet Explorer 7 Web Browser OMB FDCC IE7 (1.2)
Microsoft Windows Vista Operating System OMB FDCC Windows Vista (1.2)
Microsoft Windows Vista Operating System OMB FDCC Windows Vista Firewall (1.2)
Microsoft Windows XP Operating System NIST NIST SP 800-68 (R1.2.0)
Microsoft Windows XP Pro SP2
Microsoft Windows XP Pro SP3 Operating System OMB FDCC Windows XP Firewall (1.2)
Microsoft Windows XP Pro SP2
Microsoft Windows XP Pro SP3 Operating System OMB FDCC Windows XP (1.2)
OMB = U.S. Office of Management and Budget
The National Checklist Program (NCP) is presently migrating its repository of checklists to conform to SCAP. According to NIST:
Tier III NCP checklists SHOULD work with SCAP-validated tools; and
Tier IV checklists WILL work with SCAP-validated tools.
Tier III NCP SCAP Checklists
(as of October 10, 2009)
Target Product Product Category Authority Checklist Name (Version)
Microsoft Internet Explorer
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise Edition Operating System Web Browser DISA Windows Vista Security Checklist (Version 6 Release 1.13)
Microsoft Windows 2000 Operating System DISA Windows 2000 Security Checklist (Version 6, Release 1.13)
Microsoft Windows XP Operating System DISA Windows XP Security Checklist (Version 6, Release 1.13)
Microsoft Windows XP Pro SP2
Symantec Antivirus Antivirus Software
Operating System DISA Desktop Application Security Checklist (Version 3, Release 1.11)
Redhat Enterprise Linux 4.0 Operating System DISA UNIX Security Checklist (Version 5, Release 1.19)
Sun Solaris 9 Operating System DISA UNIX Security Checklist (Version 5, Release 1.19)
Microsoft Windows Server 2003 Operating System Microsoft Windows Server 2003 Security Guide for Member Servers (2.1)
Microsoft Windows Server 2003 Operating System Microsoft Windows Server 2003 Systems for Domain Controllers (2.1)
Redhat Enterprise Linux 5.0 Operating System Red Hat SCAP: Guide To The Secure Configuration of Red Hat Enterprise Linux 5 (1.0)
Sun Solaris 10.0 Operating System Sun Microsystems SCAP: Guidance for Securing Sun Microsystems Solarais 10 Systems for IT Professional (1.0)
Microsoft Office 2007 Office Suite Not Available SCAP: Guidance for Securing Microsoft Office 2007 for IT Professional (0.4)
DISA = U.S. Defense Information Systems Agency
Tier IV NCP SCAP Checklists
(as of October 10, 2009)
Target Product Product Category Authority Checklist Name (Version)
Microsoft Internet Explorer 7 Web Browser OMB FDCC IE7 (1.2)
Microsoft Windows Vista Operating System OMB FDCC Windows Vista (1.2)
Microsoft Windows Vista Operating System OMB FDCC Windows Vista Firewall (1.2)
Microsoft Windows XP Operating System NIST NIST SP 800-68 (R1.2.0)
Microsoft Windows XP Pro SP2
Microsoft Windows XP Pro SP3 Operating System OMB FDCC Windows XP Firewall (1.2)
Microsoft Windows XP Pro SP2
Microsoft Windows XP Pro SP3 Operating System OMB FDCC Windows XP (1.2)
OMB = U.S. Office of Management and Budget