| 1.2 Use the updated Linux Kernel | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Use the updated Linux Kernel | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Remove all non-essential services from the host - DPKG | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - RPM | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - RPM | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - Running Processes | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - Running Processes | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - Sockets | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - Sockets | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management Services | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_ACCEPT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_ACCEPT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_ACCEPT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKCONNECT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKCONNECT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKCONNECT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FACLSET : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHMOD : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure Content trust for Docker is Enabled | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure container sprawl is avoided | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Avoid container sprawl | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.8 Disable Host-based Authentication for Login-based Services - rlogin auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.8 Disable Host-based Authentication for Login-based Services - rlogin auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.8 Disable Host-based Authentication for Login-based Services - rsh auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.8 Disable Host-based Authentication for Login-based Services - rsh auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CIS VMware ESXi 5.5 v1.2.0 Level 1 | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| CIS VMware ESXi 5.5 v1.2.0 Level 2 | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
| DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002410 - Docker Enterprise secret management commands must be used for managing secrets in a Swarm cluster. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-003460 - The Docker Enterprise log aggregation/SIEM systems must be configured to send an alert the ISSO/ISSM when unauthorized software is installed. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003840 - Vulnerability scanning must be enabled for all repositories in the Docker Trusted Registry (DTR) component of Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | RISK ASSESSMENT |
| DKER-EE-003920 - Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-004040 - The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-005080 - Docker Enterprise node certificates must be rotated as defined in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-006190 - Docker Enterprise Universal Control Plane (UCP) must be integrated with a trusted certificate authority (CA). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-006240 - Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000390 - $CATALINA_HOME/bin folder permissions must be set to 750. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
