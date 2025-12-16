The National Institute of Standards and Technology (NIST) has released an initial public draft for Rev 5 of the agency’s National Checklist Program (NCP) that facilitates the generation of security checklists from authoritative sources, centralizes the location of checklists, and makes checklists broadly accessible.

Notably, the new draft includes within its scope cloud platforms, IoT, and AI systems.

The new draft publication, released on Dec. 9, “explains how to use the NCP to find and retrieve checklists and describes the policies, procedures, and general requirements for participation in the NCP,” NIST said.

The agency is seeking public comments on the new draft through Jan. 26 at checklists@nist.gov.

NIST first created the NCP in 2003 by launching its Security Configuration Checklists Program for IT products. The agency evolved it into the broader NCP that hosts numerous security checklists for hardening systems, with official guidance published later including SP 800-70 Rev. 2 in 2011.

The agency said the latest draft guidance “introduces significant updates to improve usability, automation, and alignment with modern cybersecurity practices.”

In particular, NIST explained that the new draft features: