NIST hosted a workshop to identify current and planned Federal government checklist activities and related needs, existing and planned voluntary efforts for building security checklists, and current industry capabilities for the development of checklists and the associated templates that describe sets of security configurations for IT products widely used in the United States Government (USG).  Various Federal organizations (NIST, NSA, DISA, etc.), consortia (e.g., Center for Internet Security), and some commercial vendors currently produce these checklists. 

Such checklists, when combined with well-developed guidance and leveraged with high-quality security expertise, vendor product knowledge, and operational experience and tools, can markedly reduce the vulnerability exposure of an organization. To meet this challenging requirement to produce checklists for the spectrum of IT products widely used in the government, NIST has developed a proposal to solicit from IT vendors, consortia, industry and other government organizations, and others in the public and private sector to produce additional checklists and associated guidance material to NIST.  These materials would then be made available for display and downloading from the NIST Computer Security Resource Center (CSRC) web site (http://checklists.nist.gov).