Configure “Docker” to organizational standards.


CONTROL ID: 14457
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "autolock" argument to organizational standards., CC ID: 14547
  • Configure the "COPY" instruction to organizational standards., CC ID: 14515
  • Configure the "memory" argument to organizational standards., CC ID: 14497
  • Configure the "docker0" bridge to organizational standards., CC ID: 14504
  • Configure the "docker exec commands" to organizational standards., CC ID: 14502
  • Configure the "health-cmd" argument to organizational standards., CC ID: 14527
  • Configure the "HEALTHCHECK" to organizational standards., CC ID: 14511
  • Configure the maximum number of images to organizational standards., CC ID: 14545
  • Configure the minimum number of manager nodes to organizational standards., CC ID: 14543
  • Configure the "on-failure" restart policy to organizational standards., CC ID: 14542
  • Configure the maximum number of containers to organizational standards., CC ID: 14540
  • Configure the "lifetime_minutes" to organizational standards., CC ID: 14539
  • Configure the "Linux kernel capabilities" to organizational standards., CC ID: 14531
  • Configure the "Docker socket" to organizational standards., CC ID: 14506
  • Configure the "read-only" argument to organizational standards., CC ID: 14498
  • Configure the signed image enforcement to organizational standards., CC ID: 14517
  • Configure the "storage-opt" argument to organizational standards., CC ID: 14658
  • Configure the "swarm services" to organizational standards., CC ID: 14516
  • Configure the "experimental" argument to organizational standards., CC ID: 14494
  • Configure the cluster role-based access control policies to organizational standards., CC ID: 14514
  • Configure the "secret management commands" to organizational standards., CC ID: 14512
  • Configure the "renewal_threshold_minutes" to organizational standards., CC ID: 14538
  • Configure the "docker swarm unlock-key" command to organizational standards., CC ID: 14490
  • Configure the "per_user_limit" to organizational standards., CC ID: 14523
  • Configure the "privileged" argument to organizational standards., CC ID: 14510
  • Configure the "update instructions" to organizational standards., CC ID: 14525
  • Configure the "swarm mode" to organizational standards., CC ID: 14508
  • Configure the "USER" directive to organizational standards., CC ID: 14507
  • Configure the "DOCKER_CONTENT_TRUST" to organizational standards., CC ID: 14488
  • Configure the "no-new-privileges" argument to organizational standards., CC ID: 14474
  • Configure the "seccomp-profile" argument to organizational standards., CC ID: 14503
  • Configure the "cpu-shares" argument to organizational standards., CC ID: 14489
  • Configure the "volume" argument to organizational standards., CC ID: 14533
  • Configure the "cgroup-parent" to organizational standards., CC ID: 14466
  • Configure the "live-restore" argument to organizational standards., CC ID: 14465
  • Configure the "userland-proxy" argument to organizational standards., CC ID: 14464
  • Configure the "user namespace support" to organizational standards., CC ID: 14462


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure that authorization for Docker client commands is enabled Description: You should use native Docker authorization plugins or a third party authorization mechanism with the Docker daemon to manage access to Docker client commands. Rationale: Docker's out-of-the-box authorization model is curren… (2.11, The Center for Internet Security Docker Level 2 Docker Linux Benchmark, 1.2.0)