| 1.1.3 Ensure auditing is configured for the Docker daemon | AUDIT AND ACCOUNTABILITY |
| 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | AUDIT AND ACCOUNTABILITY |
| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | AUDIT AND ACCOUNTABILITY |
| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | AUDIT AND ACCOUNTABILITY |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | AUDIT AND ACCOUNTABILITY |
| 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | AUDIT AND ACCOUNTABILITY |
| 1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock | AUDIT AND ACCOUNTABILITY |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | AUDIT AND ACCOUNTABILITY |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | AUDIT AND ACCOUNTABILITY |
| 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | AUDIT AND ACCOUNTABILITY |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | AUDIT AND ACCOUNTABILITY |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | AUDIT AND ACCOUNTABILITY |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | AUDIT AND ACCOUNTABILITY |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | AUDIT AND ACCOUNTABILITY |
| 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | AUDIT AND ACCOUNTABILITY |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | AUDIT AND ACCOUNTABILITY |
| 1.2.1 Ensure the container host has been Hardened | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure that the version of Docker is up to date | SYSTEM AND INFORMATION INTEGRITY |
| 2.9 Enable user namespace support - /etc/subgid | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - /etc/subuid | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - SecurityOptions | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed - daemon.json | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed - dockerd | SYSTEM AND SERVICES ACQUISITION |
| 2.11 Ensure base device size is not changed until needed - daemon.json | CONFIGURATION MANAGEMENT |
| 2.11 Ensure base device size is not changed until needed - dockerd | CONFIGURATION MANAGEMENT |
| 2.12 Ensure that authorization for Docker client commands is enabled | ACCESS CONTROL |
| 2.13 Ensure centralized and remote logging is configured | AUDIT AND ACCOUNTABILITY |
| 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure that the docker.service file ownership is set to root:root | ACCESS CONTROL |
| 3.2 Ensure that docker.service file permissions are appropriately set | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure that docker.socket file ownership is set to root:root | ACCESS CONTROL |
| 3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure that the /etc/docker directory ownership is set to root:root | ACCESS CONTROL |
| 3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure that registry certificate file ownership is set to root:root | ACCESS CONTROL |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure that TLS CA certificate file ownership is set to root:root | ACCESS CONTROL |
| 3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | ACCESS CONTROL |
| 3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.15 Ensure that the Docker socket file ownership is set to root:docker | ACCESS CONTROL, MEDIA PROTECTION |
| 3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.17 Ensure that the daemon.json file ownership is set to root:root | ACCESS CONTROL |
| 3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive | ACCESS CONTROL, MEDIA PROTECTION |
| 3.19 Ensure that the /etc/default/docker file ownership is set to root:root | ACCESS CONTROL |
| 3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.21 Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
| 3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:root | ACCESS CONTROL |
| 3.23 Ensure that the Containerd socket file ownership is set to root:root | ACCESS CONTROL |
| 3.24 Ensure that the Containerd socket file permissions are set to 660 or more restrictively | ACCESS CONTROL, MEDIA PROTECTION |
