| 1.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | CIS Docker v1.7.0 L1 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | CIS Docker v1.7.0 L2 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | CIS Docker v1.7.0 L2 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | CIS Docker v1.7.0 L2 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.4 Configure TCP Wrappers - enable tcp_wrappers for inetd | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.4 Configure TCP Wrappers - enable tcp_wrappers for rpc/bind. Note: This check is recommended by CIS, but not required. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.12 Configure centralized and remote logging | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.13 Ensure centralized and remote logging is configured | CIS Docker v1.7.0 L2 Docker - Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure that the /etc/docker directory ownership is set to root:root | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 3.17 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.23 Ensure that the Containerd socket file ownership is set to root:root | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Debug Level Daemon Logging/4.4 Capture syslog AUTH Messages - Check if svc:/system/system-log is online | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'flags:lo,ad,cc' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'minfree:20' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Do not disable AppArmor | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.1 Do not disable AppArmor Profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.1 Ensure AppArmor Profile is Enabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.4 Ensure that Linux kernel capabilities are restricted within containers | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.22 Do not docker exec commands with privileged option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.29 Do not use Docker's default bridge docker0 | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Avoid container sprawl | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Avoid container sprawl | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.9 Harden host operating system | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 7.2 Set Password Expiration Parameters on Active Accounts - Check MINWEEKS is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Password Expiration Parameters on Active Accounts - Check WARNWEEKS is set to 4 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check DICTIONLIST is set to /usr/share/lib/dict/words | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINUPPER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YES | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check PASSLENGTH is set to 8 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - WHITESPACE is set to YES | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.5 Ensure that swarm manager is run in auto-lock mode | CIS Docker v1.7.0 L1 Docker Swarm | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.7 Set Default umask for FTP Users - Check if 'defumask' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.8 Set 'mesg n' as Default for All Users in /etc/.login | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 7.8 Set 'mesg n' as Default for All Users in /etc/profile | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Create Warning Banner for CDE Users - CDE package was not found | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002060 - The Docker Enterprise hosts UTS namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
