Security Configuration Management bases its checklist on various authority standards.

Center for Internet Security
The Center for Internet Security (CIS) guidelines recommends technical control rules and values that are applicable to network devices, operating systems, software applications, and middleware applications. CIS guidelines are consensus-based and are used by the US government and businesses in various industries.
The CIS guidelines are distributed for free in PDF formats and are also available in Extensible Configuration Checklist Description Format (XCCDF) for CIS Security Benchmark members. XCCDF is an XML-based language that is used for benchmark assessment tools and custom scripts.
For more information about CIS, see
Defense Information System Agency Security Technical Implementation Guidelines
The Defense Information Systems Agency (DISA) releases the Security Technical Implementation Guidelines (STIG). STIG provides recommendations for secure installation, configuration, and maintenance of software, hardware, and information systems. STIG is one of the basis of configuration standards that the US Department of Defense uses.
For more information about DISA and STIG, see
Federal Desktop Core Configuration
The Federal Desktop Core Configuration (FDCC) is a set of security settings that were recommended by the National Institute of Standards and Technology (NIST). FDCC was replaced by the United States Government Configuration Baseline (USGCB).
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a baseline of technical and organizational requirements that are related to the Payment Card Industry.
You must establish a secure payments environment throughout your organization to achieve PCI DSS compliance. SCM enforces security configurations for endpoints and servers in your organization, and can help your organization protect endpoints meet security compliance for PCI DSS.
By complying with the PCI DSS standards you ensure that cardholder data and sensitive authentication data are secure and well protected from malicious users and attacks. The PCI DSS applies to all entities involved in payment card processing and requires continuous compliance with the security standards and best practices set by the PCI Security Standards Council.
For more information about PCI DSS, see the PCI Security Standards Council website at and the Payment Card Industry Data Security Standard (PCI DSS) User's Guide.
United States Government Configuration Baseline
The United States Government Configuration Baseline (USGCB) provides guidance for security configuration of Information Technology products that are deployed by US government federal agencies. USGCB addresses the following platforms Microsoft's Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 7, Internet Explorer 8, and Red Hat Enterprise Linux 5.
USGBC replaced the Federal Desktop Core Configuration (FDCC).
For more information about USGCB, see