| 1.1.3 Ensure auditing is configured for the Docker daemon | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.3 Ensure auditing is configured for the Docker daemon | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.2 Ensure that the version of Docker is up to date | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure that the version of Docker is up to date | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.10 Audit Docker files and directories - docker.service | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.10 Audit Docker files and directories - docker.service | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Allow Docker to make changes to iptables | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Setup a local registry mirror | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Enable user namespace support - /etc/subgid | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - SecurityOptions | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure experimental features are avoided in production | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Ensure that experimental features are not implemented in production | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.21 Avoid experimental features in production | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.5 Ensure that /etc/docker directory ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| 3.5 Verify that /etc/docker directory ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 3.5 Verify that /etc/docker directory ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| 3.6 Verify that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 3.6 Verify that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 3.6 Verify that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 3.11 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Verify that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 3.22 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure that containers use only trusted base images | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.7 Ensure sshd is not run within containers | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.9 Ensure the host's network namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.23 Ensure docker exec commands are not used with user option | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 5.23 Ensure that docker exec commands are not used with the privileged option | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 5.24 Ensure cgroup usage is confirmed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.24 Ensure that docker exec commands are not used with the user=root option | CIS Docker v1.6.0 L2 Docker Linux | Unix | ACCESS CONTROL |
| 5.25 Ensure that cgroup usage is confirmed | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.27 Ensure docker commands always get the latest version of the image | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| 6.5 Use a centralized and remote log collection service | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| CIS VMware ESXi 5.5 v1.2.0 Level 1 | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| CIS VMware ESXi 5.5 v1.2.0 Level 2 | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
| DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001960 - Privileged Linux containers must not be used for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002030 - All Docker Enterprise containers root filesystem must be mounted as read only. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002100 - cgroup usage must be confirmed in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002110 - All Docker Enterprise containers must be restricted from acquiring additional privileges. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
