Detections
Analytics

DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1

Updated: 8/30/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.3

Estimated Item Count: 18

File Details

Filename: DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_UCP_v1r1.audit

Size: 69.5 kB

MD5: e58f80c07f54ac9353e161e26576f734
SHA256: 1f12ec8772f24d9ccdeed1f94b32204d95f6d59a992481a4b540f7306e123b90

Audit Items

DescriptionCategories
DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_UCP_v1r1.audit from DISA Docker Enterprise 2.x Linux/Unix STIG v1r1
DKER-EE-001000 - The Docker Enterprise Per User Limit Login Session Control in the Universal Control Plane (UCP) Admin Settings must be set to an organization-defined value for all accounts and/or account types.

ACCESS CONTROL

DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set. - team member access

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.

IDENTIFICATION AND AUTHENTICATION

DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise. - lifetime_minutes

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise. - renewal_threshold_minutes

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).

ACCESS CONTROL

DKER-EE-003590 - Content Trust enforcement must be enabled in Universal Control Plane (UCP) in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP).

CONFIGURATION MANAGEMENT

DKER-EE-006190 - Docker Enterprise Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA).

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.

ACCESS CONTROL