NIST National Checklist Program (NIST NCP) Content Downloads
The National Checklist Program (NCP), defined by the NIST SP 800-70, is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.
Red Hat's NIST National Checklist Program baselines can be found on the NIST website at:
https://nvd.nist.gov/ncp/repository?authority=Red+Hat&startIndex=0.
The NIST website redirects users to content-producer owned download links, which are available in the table below:
Red Hat Enterprise Linux 7.x
The following profiles ship in the latest RHEL 7.x content:
-
North America
- Central Intelligence Agency Commercial Cloud Solution (CIA C2S)
- Defense Information Systems Agency Secure Technical Implementation Guide for Red Hat Enterprise Linux 7 (DISA STIG)
- FBI Criminal Justice Information System (FBI CJIS)
- Health Insurance Portability and Accountability Act (HIPAA)
- NIST National Checklist for Red Hat Enterprise Linux 7.x, which reflects a superset of the following regulations:
- Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
- Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
- NIST 800-53 rev4 control selections for MODERATE impact systems (NIST 800-53)
- U.S. Government Configuration Baseline (USGCB)
- NIAP Protection Profile for General Purpose Operating Systems v4.2.1 (OSPP v4.2.1)
- DISA Operating System Security Requirements Guide (OS SRG)
- NIAP Operating System Protection Profile
- Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
-
APAC
- Australian Cyber Security Centre Essential Eight (ACSC e8)
-
EMEA
- ANSSI NT 28 Enhanced
- ANSSI NT 28 High
- ANSSI NT 28 Intermediary
- ANSSI NT 28 Minimal
| Name | Version | Release Date | SCAP 1.3 | SCAP 1.2 |
|---|---|---|---|---|
| NIST National Checklist for Red Hat Enterprise Linux 7.x | v0.1.50 | 15-MAY-2020 | .zip | .zip |
Red Hat Enterprise Linux 8.x
The following profiles ship in the latest RHEL 8.x content:
-
North America
- Criminal Justice Information Services (CJIS) Security Policy
- [DRAFT] Defense Information Systems Agency Secure Technical Implementation Guide for Red Hat Enterprise Linux 8 (DISA STIG)
- Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
- Health Insurance Portability and Accountability Act (HIPAA)
- PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8
- Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)
- Standard System Security Profile for Red Hat Enterprise Linux 8
- NIAP Protection Profile for General Purpose Operating Systems, which reflects a superset of the following regulations:
- Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
- Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
- NIST 800-53 rev4 control selections for MODERATE impact systems (NIST 800-53)
- U.S. Government Configuration Baseline (USGCB)
- NIAP Protection Profile for General Purpose Operating Systems v4.2.1 (OSPP v4.2.1)
-
APAC
- Australian Cyber Security Centre Essential Eight (ACSC e8)
| Name | Version | Release Date | SCAP 1.3 | SCAP 1.2 |
|---|---|---|---|---|
| NIST National Checklist for Red Hat Enterprise Linux 8.x | v0.1.50 | 15-MAY-2020 | .zip | .zip |
OpenShift Container Platform 3.x
The following profiles ship in the latest OCP 3.x content:
- Open Computing Information Security Profile for OpenShift Node (OpenCIS for OpenShift 3.x Nodes)
- Open Computing Information Security Profile for OpenShift Master Node (OpenCIS for OpenShift 3.x Master Node)
| Name | Version | Release Date | SCAP 1.3 | SCAP 1.2 |
|---|---|---|---|---|
| NIST National Checklist for OpenShift Container Platform 3.x | v0.1.50 | 15-MAY-2020 | .zip | .zip |
Red Hat Enterprise Linux CoreOS 4.x
Content forRed Hat Enterprise Linux CoreOS 4.x is under active development. The latest draft content can be found at https://access.redhat.com/articles/4486111.
Red Hat OpenShift Container Platform 4.x
Content for Red Hat OpenShift Container Platform 4.x is under active development. The latest draft content can be found at https://access.redhat.com/articles/4486111.
Red Hat Virtualization Host 4.x
The following profiles ship in the latest RHV 4.x content:
- North America
- [DRAFT] DISA STIG for Red Hat Virtualization Host (RHVH)
- NIAP VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Virtualization Host (RHVH)
| Name | Version | Release Date | SCAP 1.3 | SCAP 1.2 |
|---|---|---|---|---|
| NIST National Checklist for Red Hat Virtualization Host 4.x | v0.1.50 | 15-MAY-2020 | .zip | .zip |
| NIST National Checklist for Red Hat Virtualization Host 4.x | v0.1.44-2 | 3-MAY-2019 | .zip | - |
Comments