| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.4 Only allow trusted users to control Docker daemon | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | ACCESS CONTROL |
| 1.8 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit Docker files and directories - docker.service | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Ensure auditing is configured for Docker files and directories - docker.service | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.9 Audit Docker files and directories - docker.socket | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.12 Audit Docker files and directories - docker.service | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Set the logging level | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.9 Confirm default cgroup usage | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Do not enable swarm mode, if not needed | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.15 Do not enable swarm mode, if not needed | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 3.11 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Ensure that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Ensure that the Docker server certificate file permissions are set to 444 or more restrictively | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.13 Ensure that the Docker server certificate key file ownership is set to root:root | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 3.14 Ensure that the Docker server certificate key file permissions are set to 400 | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.17 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.21 Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.21 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:root | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 4.2 Ensure that containers use trusted base images | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Ensure that, if applicable, an AppArmor Profile is enabled | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure that, if applicable, SELinux security options are set | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Do not share the host's network namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| 5.24 Confirm cgroup usage | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Avoid image sprawl | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Avoid image sprawl | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001930 - An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001970 - SSH must not run within Linux containers for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-size | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-005240 - Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005280 - Docker Enterprise server certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005350 - Docker Enterprise /etc/default/docker file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005360 - Docker Enterprise /etc/default/docker file permissions must be set to 644 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
