| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2 Ensure the container host has been Hardened | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Keep Docker up to date | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.9 Ensure auditing is configured for Docker files and directories - docker.socket | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1 Run the Docker daemon as a non-root user, if possible | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2 Ensure the logging level is set to 'info' | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure Docker is allowed to make changes to iptables | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure the logging level is set to 'info' - daemon.json | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure the logging level is set to 'info' - dockerd | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.4 Allow Docker to make changes to iptables | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Ensure operations on legacy registry (v1) are Disabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.15 Ensure live restore is enabled | CIS Docker v1.6.0 L1 Docker Linux | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.23 Run swarm manager in auto-lock mode | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.13 Verify that Docker server certificate key file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.18 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.19 Ensure that the /etc/default/docker file ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 3.19 Verify that /etc/default/docker file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Ensure that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Do not run ssh within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Do not run ssh within containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Ensure ssh is not run within containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Ensure swarm manager is run in auto-lock mode | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002000 - Docker Enterprise hosts network namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002130 - The Docker Enterprise socket must not be mounted inside any containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-005230 - Docker Enterprise registry certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005270 - Docker Enterprise server certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| docker | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | |
