| 1.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.7 Set default ulimit as appropriate | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Configure centralized and remote logging | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.13 Ensure centralized and remote logging is configured | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.5 Ensure that the /etc/docker directory ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 3.9 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Create a user for the container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 4.4 Rebuild the images to include security patches | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Enable Content trust for Docker | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.9 Enable Kernel Level Auditing - Check audit policies is set to arge,argv,cnt | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'flags:lo,ad,cc' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'minfree:20' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'naflags:lo,ad,ex' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'root:lo,ad:no' is set in /etc/security/audit_user. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Do not disable AppArmor | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.1 Do not disable AppArmor Profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.1 Ensure AppArmor Profile is Enabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.1 Verify AppArmor | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.7 Do not map privileged ports within containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Override default ulimit at runtime only if needed | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Do not disable default seccomp profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.22 Do not docker exec commands with privileged option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.25 Restrict container from acquiring additional privileges | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.26 Check container health at runtime | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.29 Do not use Docker's default bridge docker0 | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.1.1 Configure SSH - Check if Host * is set in /etc/ssh/ssh_config. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Backup container data | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.5 Avoid container sprawl | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Avoid container sprawl | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Avoid container sprawl | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Docker_1.12.0_v1.0.0_L1.audit Level 1 | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-005210 - Docker Enterprise /etc/docker directory ownership must be set to root:root - Ubuntu | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
