| 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.3 Do not use development tools in production | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.11 v1.0.0 L2 MariaDB RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L2 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L2 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure the default ulimit is configured appropriately | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Ensure the default cgroup usage has been confirmed | CIS Docker v1.8.0 L2 OS Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.12 Ensure base device size is not changed until needed | CIS Docker v1.8.0 L2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.18 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | CIS Docker v1.8.0 L2 OS Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.9 Ensure that TLS CA certificate file ownership is set to root:root | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictively | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.24 Ensure that the Containerd socket file permissions are set to 660 or more restrictively | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Ensure that a user for the container has been created | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 4.3 Ensure that unnecessary packages are not installed in the container | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 4.3.2.7 Ensure mrouted is not in use | CIS IBM AIX 7 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure images are scanned and rebuilt to include security patches | CIS Docker v1.8.0 L1 OS Linux | Unix | RISK ASSESSMENT |
| 4.5 Configure Solaris Auditing - active audit policies | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user default audit flags | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user default audit flags | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - not_terminated | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - p_minfree | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - Plugin | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - userattr audit_flags root | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure update instructions are not used alone in Dockerfiles | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 4.8 Ensure setuid and setgid permissions are removed | CIS Docker v1.8.0 L2 OS Linux | Unix | ACCESS CONTROL |
| 4.9 Ensure that COPY is used instead of ADD in Dockerfiles | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 4.11 Ensure only verified packages are installed | CIS Docker v1.8.0 L2 OS Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 4.12 Ensure all signed artifacts are validated | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE Node images | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | CONFIGURATION MANAGEMENT |
| 5.6 Ensure sensitive host system directories are not mounted on containers | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure that only needed ports are open on the container | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.14 Ensure that incoming container traffic is bound to a specific host interface | CIS Docker v1.8.0 L1 OS Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Ensure that the host's process namespace is not shared | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.17 Ensure that the host's IPC namespace is not shared | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure that container sprawl is avoided | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Docker_1.6_v1.0.0_L1_Docker.audit Level 1 | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| CIS_Docker_1.11.0_v1.0.0_L2.audit Level 2 | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| CIS_Docker_1.12.0_v1.0.0_L1.audit Level 1 | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| CIS_Docker_1.13.0_L1_v1.0.0.audit Level 1 | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| CIS_Docker_1.13.0_L2_v1.0.0.audit Level 2 | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | |
| DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL |
| DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL |
