| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Allow Docker to make changes to iptables | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Allow localhost. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Deny access to this server from all networks | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Make sure that /etc/hosts.allow does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.8 Enable user namespace support | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | |
| 2.9 Confirm default cgroup usage | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Confirm default cgroup usage | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Configure centralized and remote logging | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12 Configure centralized and remote logging | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12 Ensure centralized and remote logging is configured | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.22 Use Docker's secret management commands for managing secrets in a Swarm cluster | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure that the /etc/docker directory ownership is set to root:root | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 3.6 Ensure that /etc/docker directory permissions are set to 755 or more restrictively | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.19 Verify that /etc/default/docker file ownership is set to root:root | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.19 Verify that /etc/default/docker file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing - Check audit condition is set to auditing | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Do not disable AppArmor | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.1 Do not disable AppArmor Profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.1 Ensure AppArmor Profile is Enabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.2 Verify SELinux security options, if applicable (Scored) | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.3 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.12 Ensure the container's root filesystem is mounted as read only | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Ensure that the container's root filesystem is mounted as read only | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.21 Do not disable default seccomp profile | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.22 Do not docker exec commands with privileged option | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | |
| 6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.3 Set Strong Password Creation Policies - Check DICTIONLIST is set to /usr/share/lib/dict/words | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINUPPER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YES | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.5 Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.8 Set 'mesg n' as Default for All Users in /etc/.login | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 7.8 Set 'mesg n' as Default for All Users in /etc/profile | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005210 - Docker Enterprise /etc/docker directory ownership must be set to root:root - CentOS/RHEL | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005210 - Docker Enterprise /etc/docker directory ownership must be set to root:root - Ubuntu | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005220 - Docker Enterprise /etc/docker directory permissions must be set to 755 or more restrictive - CentOS/RHEL | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005220 - Docker Enterprise /etc/docker directory permissions must be set to 755 or more restrictive - Ubuntu | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
