CIS Docker Community Edition v1.1.0 L2 Docker

Audit Details

Name: CIS Docker Community Edition v1.1.0 L2 Docker

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.16

Estimated Item Count: 20

File Details

Filename: CIS_Docker_Community_Edition_L2_Docker_v1.1.0.audit

Size: 35.6 kB

MD5: 9811848e60619d47ed17ff80ceff59b2
SHA256: 095fff06dec225cf0382f6e8d5f50a22dc5b0fb9b4fb075d062531fc23102d4c

Audit Items

Description / Categories
2.8 Enable user namespace support - /etc/subgid
2.8 Enable user namespace support - /etc/subuid
2.8 Enable user namespace support --userns-remap=default

SYSTEM AND COMMUNICATIONS PROTECTION

2.9 Ensure the default cgroup usage has been confirmed

SYSTEM AND COMMUNICATIONS PROTECTION

2.10 Ensure base device size is not changed until needed
2.11 Ensure that authorization for Docker client commands is enabled

IDENTIFICATION AND AUTHENTICATION

2.12 Ensure centralized and remote logging is configured

AUDIT AND ACCOUNTABILITY

2.16 Ensure daemon-wide custom seccomp profile is applied, if needed

SYSTEM AND COMMUNICATIONS PROTECTION

4.5 Ensure Content trust for Docker is Enabled

SYSTEM AND INFORMATION INTEGRITY

4.8 Ensure setuid and setgid permissions are removed in the images
4.11 Ensure verified packages are only Installed

CONFIGURATION MANAGEMENT

5.2 Ensure SELinux security options are set, if applicable

ACCESS CONTROL

5.22 Ensure docker exec commands are not used with privileged option
5.23 Ensure docker exec commands are not used with user option
5.29 Ensure Docker's default bridge docker0 is not used

CONFIGURATION MANAGEMENT

7.5 Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster

CONFIGURATION MANAGEMENT

7.8 Ensure node certificates are rotated as appropriate

SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure CA certificates are rotated as appropriate

IDENTIFICATION AND AUTHENTICATION

7.10 Ensure management plane traffic has been separated from data plane traffic

SYSTEM AND COMMUNICATIONS PROTECTION
