1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker v1.3.1 L1 Linux Host OS | Unix | |
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.2.8 Ensure auditing is configured for Docker files and directories - /etc/default/docker | CIS Docker v1.2.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.2.10 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | CIS Docker v1.2.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.5 Keep Docker up to date | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.6 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.7 Only allow trusted users to control Docker daemon | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | ACCESS CONTROL |
1.9 Audit Docker files and directories - /etc/docker | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.10 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.11 Audit Docker files and directories - /etc/docker/daemon.json | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.11 Audit Docker files and directories - docker-registry.service | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.12 Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
1.13 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.16 Audit Docker files and directories - /etc/sysconfig/docker-registry | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.17 Audit Docker files and directories - /etc/sysconfig/docker-storage | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
1.18 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
2.6 Configure TLS authentication for Docker daemon - tlscacert | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon - tlscert | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon - tlskey | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Configure TLS authentication for Docker daemon --tlsverify | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure TLS authentication for Docker daemon is configured - tlscert | CIS Docker v1.2.0 L1 Docker Linux | Unix | |
2.7 Do not use the aufs storage driver | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
2.7 Ensure TLS authentication for Docker daemon is configured - tlscacert | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlskey | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
2.7 Ensure TLS authentication for Docker daemon is configured - tlskey | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
2.8 Do not bind Docker to another IP/Port or a Unix socket | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
2.9 Configure TLS authentication for Docker daemon '--tlscacert' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Configure TLS authentication for Docker daemon '--tlscert' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Configure TLS authentication for Docker daemon '--tlskey'' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Configure TLS authentication for Docker daemon '--tlsverify' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
2.11 Use authorization plugin | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | IDENTIFICATION AND AUTHENTICATION |
2.12 Ensure that authorization for Docker client commands is enabled | CIS Docker v1.3.1 L2 Docker Linux | Unix | |
2.12 Ensure that authorization for Docker client commands is enabled | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
3.16 Ensure that the Docker socket file permissions are set to 660 or more restrictively | CIS Docker v1.2.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
4.2 Use trusted base images for containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.6 Add HEALTHCHECK instruction to the container image | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
5.9 Do not share the host's network namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.9 Do not share the host's network namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.27 Ensure docker commands always get the latest version of the image | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-002090 - Docker Enterprise exec commands must not be used with the user option. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-003590 - Content Trust enforcement must be enabled in Universal Control Plane (UCP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-004260 - Only trusted, signed images must be stored in Docker Trusted Registry (DTR) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-004260 - Only trusted, signed images must be stored in Docker Trusted Registry (DTR) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-004260 - Only trusted, signed images must be stored in Docker Trusted Registry (DTR) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DKER-EE-005310 - Docker Enterprise socket file ownership must be set to root:docker. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT |