Guidelines for Security Configuration Checklist Users and Developers

1.64 MB | 3 files |  DOC, PDF

Make sure your IT products are configured appropriately for your business environment using security configuration checklist recommendations provided by the National Institute of Standards and Technology.

A security configuration checklist (also called a lockdown, hardening guide or benchmark) is a series of instructions for configuring a product to a particular operational environment. Checklists can comprise templates or automated scripts, patches or patch descriptions, Extensible Markup Language (XML) files and other procedures. Checklists are intended to be tailored by each organization to meet its particular security and operational requirements. Some checklists also contain instructions for verifying that the product has been configured properly. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations with the necessary technical competence, such as academia, consortia and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists can be particularly helpful to small organizations and to individuals with limited resources for securing their systems.

NIST maintains the National Checklist Repository, which is a publicly available resource that contains information on a variety of security configuration checklists for specific IT products or categories of IT products. The repository, which is located at, contains metadata that describes each checklist. The repository also hosts copies of some checklists, primarily those developed by the federal government, and has pointers to the other checklists’ locations. Users can browse and search the repository’s metadata to locate a particular checklist using a variety of criteria, including the product category, vendor name and submitting organization. Having a centralized checklist repository makes it easier for organizations to find the current, authoritative versions of security checklists and to determine which ones best meet their needs.

This document is intended for users and developers of security configuration checklists. For checklist users, this document makes recommendations for how they should select checklists from the NIST National Checklist Repository, evaluate and test checklists and apply them to IT products. The document also provides general information to users about threats and fundamental technical security practices for associated operational environments. For checklist developers, this document sets forth the policies, procedures and general requirements for participation in the NIST National Checklist Program (NCP).

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Guidelines for Security Configuration Checklist Users and Developers.pdf
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.

This Download is provided by:

Partner logo

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

All IT Downloads from National Institute of Standards and Technology» | Visit National Institute of Standards and Technology »
Related IT Downloads

Security95 Guide to Cyber Threat Information Sharing

This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ...  More >>

email9 Trustworthy Email

This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ...  More >>

Infra81.jpg Software Quality Assurance: Integrating Testing, Security, and Audit

This excerpt focuses on the conceptual aspects of defect management, including the basic concepts of a defect, how to manage defects, and an analysis of the root causes of defects. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.