National Checklist Program for IT Products – Guidelines for Checklist Users and Developers

662 MB | 3 files |  PDF

This document makes recommendations for how users and developers should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products.

IT Download image

A security configuration checklist (also called a lockdown, hardening guide, or benchmark) is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product. The IT product may be commercial, open source, government-off-the-shelf (GOTS), etc.

Checklists can comprise templates or automated scripts, patch information, Extensible Markup Language (XML) files, and other procedures. Checklists are intended to be tailored by each organization to meet its particular security and operational requirements. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations, such as academia, consortia, and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists can be particularly helpful to small organizations and to individuals with limited resources for securing their systems.

This document is intended for users and developers of security configuration checklists. For checklist users, this document makes recommendations for how they should select checklists from the NIST National Checklist Repository, evaluate and test checklists, and apply them to IT products. For checklist developers, this document sets forth the policies, procedures, and general requirements for participation in the NIST National Checklist Program (NCP).

The attached zip file includes:

  • Intro Page.pdf
  • Terms and Conditions.pdf
  • NIST.SP.800-70r3.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.
Related IT Downloads

Compliance2 Building a GRC Program: Assessing Stakeholder Needs and Readiness

This table outlines the top needs of each stakeholder group that can help guide your conversations on priorities and needs for the GRC program. ...  More >>

IT_Man77 Job Description: Technology Project Manager

Whether you're looking to hire one or looking for a position yourself, use this detailed job description to find out what the role of a Technology Project Manager entails. ...  More >>

Strategy2.jpg Case Studies in Strategic Planning

Chapter 1 delves into the first four stages of systematic strategic planning, including clarifying current conditions, identifying competitive advantages, defining opportunities and developing strategies. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.