Who creates the security checklists listed by the NIST program?
Ideally, product vendors will create checklists as they release new products. The vendor is often in the best position to create the checklists, however in some cases 3rd-party checklists could be submitted, such as from recognized security groups, state governments, and corporations. The Microsoft Windows™ XP templates included with the NIST Windows XP System Administration Guidance Special Publication represents an example of consensus settings by a 3rd-party working group. NIST’s program will also work in conjunction with other agencies and IT prodcut vendors to develop and disseminate security configuration checklists for IT products.