| 1.1.3 Ensure auditing is configured for the Docker daemon | CIS Docker v1.7.0 L1 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.4 Only allow trusted users to control Docker daemon | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | ACCESS CONTROL |
| 1.8 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit Docker files and directories - /var/lib/docker | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit Docker files and directories - docker.service | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Ensure auditing is configured for Docker files and directories - docker.service | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.10 Audit Docker files and directories - docker.service | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.10 Audit Docker files and directories - docker.service | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.12 Audit Docker files and directories - docker.service | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.15 Do not enable swarm mode, if not needed | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.15 Do not enable swarm mode, if not needed | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictively | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Ensure that Docker server certificate file ownership is set to root:root | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 3.11 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Ensure that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.13 Ensure that the Docker server certificate key file ownership is set to root:root | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 3.14 Ensure that the Docker server certificate key file permissions are set to 400 | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.21 Verify that Docker server certificate file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.22 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure that containers use trusted base images | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.9 Do not share the host's network namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure the host's network namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| 5.23 Do not docker exec commands with user option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.23 Ensure docker exec commands are not used with user option | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 5.23 Ensure that docker exec commands are not used with the privileged option | CIS Docker v1.7.0 L2 Docker - Linux | Unix | ACCESS CONTROL |
| 5.24 Confirm cgroup usage | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.24 Ensure cgroup usage is confirmed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Avoid image sprawl | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Avoid image sprawl | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Ensure swarm mode is not Enabled, if not needed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001970 - SSH must not run within Linux containers for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002030 - All Docker Enterprise containers root filesystem must be mounted as read only. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002110 - All Docker Enterprise containers must be restricted from acquiring additional privileges. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-size | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-005240 - Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005280 - Docker Enterprise server certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005350 - Docker Enterprise /etc/default/docker file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005360 - Docker Enterprise /etc/default/docker file permissions must be set to 644 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
