Check NIST for various publications. <a href="http://www.nist.org/nist_plugins/content/content.php?content.28">NIST SP 800-70 Security Configuration Checklists Program for IT Products</a> (The below SP 800-70 description is from NIST.gov, edited) The Security Configuration Checklists Program for IT Products – Guidance for Checklists Users and Developers (NIST SP 800-70) was developed to facilitate the development and dissemination of security configuration checklists so that organizations and individual users can better secure their IT products. A security configuration checklist (sometimes called a lockdown or hardening guide or benchmark) is in its simplest form a series of instructions for configuring a product to a particular operational environment. It could also include templates or automated scripts and other procedures. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations such as consortia, academia, and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists may be particularly helpful to small organizations and individuals that have limited resources for securing their systems. The SP 800-70 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright). --- NIST is an excellent source. Its European counterpart also produces and archives checklists. SANS has synthesized an <a href="http://www.sans.org/score/checklists/ISO_17799_checklist.pdf">ISO 17799 checklist</a>.

Check NIST for various publications. <a href="http://www.nist.org/nist_plugins/content/content.php?content.28">NIST SP 800-70 Security Configuration Checklists Program for IT Products</a> (The below SP 800-70 description is from NIST.gov, edited) The Security Configuration Checklists Program for IT Products – Guidance for Checklists Users and Developers (NIST SP 800-70) was developed to facilitate the development and dissemination of security configuration checklists so that organizations and individual users can better secure their IT products. A security configuration checklist (sometimes called a lockdown or hardening guide or benchmark) is in its simplest form a series of instructions for configuring a product to a particular operational environment. It could also include templates or automated scripts and other procedures. Typically, checklists are created by IT vendors for their own products; however, checklists are also created by other organizations such as consortia, academia, and government agencies. The use of well-written, standardized checklists can markedly reduce the vulnerability exposure of IT products. Checklists may be particularly helpful to small organizations and individuals that have limited resources for securing their systems. The SP 800-70 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright). --- NIST is an excellent source. Its European counterpart also produces and archives checklists. SANS has synthesized an <a href="http://www.sans.org/score/checklists/ISO_17799_checklist.pdf">ISO 17799 checklist</a>.