DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1

Audit Details

Name: DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 18

File Details

Filename: DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_UCP_v2r1.audit

Size: 78.7 kB

MD5: 187b98361535d96353f981a3458ab2c0
SHA256: 64d2c345912aa75bbea745b8ed1d3d8dccae79fb7a7f52d41abff4483267f4f5

Audit Items

Description | Categories
DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_UCP_v2r1.audit from DISA Docker Enterprise 2.x Linux/UNIX v2r1 STIG
DKER-EE-001000 - The Docker Enterprise Per User Limit Login Session Control in the Universal Control Plane (UCP) Admin Settings must be set to an organization-defined value for all accounts and/or account types.

ACCESS CONTROL

DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001100 - LDAP integration in Docker Enterprise must be configured.

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates.

CONFIGURATION MANAGEMENT

DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise.

IDENTIFICATION AND AUTHENTICATION

DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutes

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutes

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).

ACCESS CONTROL

DKER-EE-003590 - Content Trust enforcement must be enabled in Universal Control Plane (UCP) in Docker Enterprise.

CONFIGURATION MANAGEMENT

DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise.

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-004370 - Docker Content Trust enforcement must be enabled in Universal Control Plane (UCP).

SYSTEM AND INFORMATION INTEGRITY

DKER-EE-006190 - Docker Enterprise Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA).

IDENTIFICATION AND AUTHENTICATION

DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.

ACCESS CONTROL