1.6 Keep Docker up to date

Information

The docker container solution is evolving to maturity and stability at a rapid pace. Like any
other software, the vendor releases regular updates for Docker software that address
security vulnerabilities, product bugs and bring in new functionality.
Keep a tab on these product updates and upgrade as frequently as when new security
vulnerabilities are fixed.

By staying up to date on Docker updates, vulnerabilities in the Docker software can be
mitigated. An educated attacker may exploit known vulnerabilities when attempting to
attain access or elevate privileges. Not installing regular Docker updates may leave you
with running vulnerable Docker software. It might lead to elevation privileges,
unauthorized access or other security breaches.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Download and install the updated Docker software from official Docker repository.

Impact-None.

Default Value-Not Applicable

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c.

Plugin: Unix

Control ID: 5bbd8bdf9c297c8db7b4def9e4b9a12a6aeb907c283dc0978602d0c593fc2492