1.1 Create a separate partition for containers | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1 Create a separate partition for containers | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.1 Ensure a separate partition for containers has been created | CIS Docker v1.5.0 L1 Linux Host OS | Unix | |
1.2.1 Ensure a separate partition for containers has been created | CIS Docker v1.2.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
1.2.5 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker v1.2.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.7 Audit Docker files and directories - /etc/docker | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.7 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.10 Audit Docker files and directories - /etc/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.12 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.12 Audit Docker files and directories - /usr/bin/docker-containerd | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.13 Ensure auditing is configured for Docker files and directories - /usr/bin/docker-runc | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.14 Audit Docker files and directories - /usr/bin/docker-containerd | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.15 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
2.6 Configure TLS authentication for Docker daemon - tlscacert | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon - tlscert | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon - tlskey | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon --tlscert | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon -tlsverify | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon -tlsverify | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured --tlscert | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure TLS authentication for Docker daemon is configured - tlsverify | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
2.11 Use authorization plugin | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | IDENTIFICATION AND AUTHENTICATION |
2.12 Ensure that authorization for Docker client commands is enabled | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
3.7 Verify that Docker environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Ensure that Docker socket file ownership is set to root:docker | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.2.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
3.15 Verify that Docker socket file ownership is set to root:docker | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Verify that Docker socket file ownership is set to root:docker | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.15 Verify that Docker socket file ownership is set to root:docker | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.1 Create a user for the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
4.1 Create a user for the container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
4.1 Create a user for the container | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
4.2 Use trusted base images for containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.2 Use trusted base images for containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. - docker services | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-003590 - Content Trust enforcement must be enabled in Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-004130 - Docker Enterprise older Universal Control Plane (UCP) and Docker Trusted Registry (DTR) images must be removed from all cluster nodes upon upgrading. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-005310 - Docker Enterprise socket file ownership must be set to root:docker. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT |