| 1.1.2 Ensure only trusted users are allowed to control Docker daemon | CIS Docker v1.3.1 L1 Linux Host OS | Unix | |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | CIS Docker v1.3.1 L1 Linux Host OS | Unix | |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | CIS Docker v1.3.1 L1 Linux Host OS | Unix | |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | CIS Docker v1.5.0 L1 Linux Host OS | Unix | |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | CIS Docker v1.6.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.2.9 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | CIS Docker v1.2.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Ensure only trusted users are allowed to control Docker daemon | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | ACCESS CONTROL |
| 1.6 Keep Docker up to date | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.7 Audit docker daemon | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Ensure the logging level is set to 'info' | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2 Ensure the logging level is set to 'info' - daemon.json | CIS Docker v1.2.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure the logging level is set to 'info' - dockerd | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.4 Do not use insecure registries | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure Docker is allowed to make changes to iptables - daemon.json | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.4 Ensure Docker is allowed to make changes to iptables - daemon.json | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure Docker is allowed to make changes to iptables - dockerd | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 2.4 Ensure Docker is allowed to make changes to iptables - dockerd | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.4 Ensure Docker is allowed to make changes to iptables - dockerd | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure insecure registries are not used | CIS Docker v1.2.0 L1 Docker Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure insecure registries are not used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Ensure insecure registries are not used | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 2.5 Ensure insecure registries are not used | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.5 Ensure insecure registries are not used | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.13 Ensure that Docker server certificate key file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.14 Verify that docker-storage environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.19 Ensure that /etc/default/docker file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Ensure that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.20 Verify that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker v1.6.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker v1.6.0 L2 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Do not mount the Docker socket inside any containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Ensure that the Docker socket is not mounted inside any containers | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.31 Ensure that the Docker socket is not mounted inside any containers | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 5.31 Ensure the Docker socket is not mounted inside any containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.32 Ensure that the Docker socket is not mounted inside any containers | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 7.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker v1.2.0 L1 Docker Linux | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | |
| DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v1r1 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-005270 - Docker Enterprise server certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005280 - Docker Enterprise server certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 | Unix | CONFIGURATION MANAGEMENT |
