| 1.1 Create a separate partition for containers | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Ensure a separate partition for containers has been created | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.1 Ensure a separate partition for containers has been created | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.3.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.2 Create Pod Security Policies for your cluster | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Create Pod Security Policies for your cluster | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.5 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.6.5 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.6.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.6.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.7 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.14 Audit Docker files and directories - /usr/bin/docker-containerd | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.11 Ensure that authorization for Docker client commands is enabled | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker-registry.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Verify that Docker environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that Docker environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.15 Verify that Docker socket file ownership is set to root:docker | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.15 Verify that Docker socket file ownership is set to root:docker | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Use trusted base images for containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Do not mount the Docker socket inside any containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| CIS Docker Community Edition v1.1.0 L1 Docker | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| CIS Docker Community Edition v1.1.0 L1 Linux Host OS | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | |
| CIS Docker Community Edition v1.1.0 L2 Docker | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| CIS_Docker_v1.6.0_L1_Docker_Linux.audit from CIS Docker Benchmark v1.6.0 | CIS Docker v1.6.0 L1 Docker Linux | Unix | |
| CIS_Docker_v1.6.0_L1_Docker_Swarm.audit from CIS Docker Benchmark v1.6.0 | CIS Docker v1.6.0 L1 Docker Swarm | Unix | |
| CIS_Docker_v1.6.0_L2_Docker_Linux.audit from CIS Docker Benchmark v1.6.0 | CIS Docker v1.6.0 L2 Docker Linux | Unix | |
| DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001880 - The Docker Enterprise self-signed certificates in Docker Trusted Registry (DTR) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001920 - Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
