| 2.8 Enable user namespace support - /etc/subgid | |
| 2.8 Enable user namespace support - /etc/subuid | |
| 2.8 Enable user namespace support --userns-remap=default | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure the default cgroup usage has been confirmed | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Ensure base device size is not changed until needed | |
| 2.11 Ensure that authorization for Docker client commands is enabled | IDENTIFICATION AND AUTHENTICATION |
| 2.12 Ensure centralized and remote logging is configured | AUDIT AND ACCOUNTABILITY |
| 2.16 Ensure daemon-wide custom seccomp profile is applied, if needed | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure Content trust for Docker is Enabled | SYSTEM AND INFORMATION INTEGRITY |
| 4.8 Ensure setuid and setgid permissions are removed in the images | |
| 4.11 Ensure verified packages are only Installed | CONFIGURATION MANAGEMENT |
| 5.2 Ensure SELinux security options are set, if applicable | ACCESS CONTROL |
| 5.22 Ensure docker exec commands are not used with privileged option | |
| 5.23 Ensure docker exec commands are not used with user option | |
| 5.29 Ensure Docker's default bridge docker0 is not used | CONFIGURATION MANAGEMENT |
| 7.5 Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster | CONFIGURATION MANAGEMENT |
| 7.8 Ensure node certificates are rotated as appropriate | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure CA certificates are rotated as appropriate | IDENTIFICATION AND AUTHENTICATION |
| 7.10 Ensure management plane traffic has been separated from data plane traffic | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Docker Community Edition v1.1.0 L2 Docker | CONFIGURATION MANAGEMENT |
