- DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
- DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions
- DKER-EE-001090 - The host operating system's auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths
- DKER-EE-001090 - The host operating system's auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services
- DKER-EE-001190 - Docker Enterprise sensitive host system directories must not be mounted on containers.
- DKER-EE-001240 - The Docker Enterprise host's process namespace must not be shared.
- DKER-EE-001250 - The Docker Enterprise host's IPC namespace must not be shared.
- DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured.
- DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
- DKER-EE-001770 - Docker Inc.'s official GPG key must be added to the host using the user's operating system's respective package repository management tooling.
- DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.
- DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used.
- DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.
- DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled.
- DKER-EE-001930 - An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise.
- DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise.
- DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise.
- DKER-EE-001960 - Privileged Linux containers must not be used for Docker Enterprise.
- DKER-EE-001970 - SSH must not run within Linux containers for Docker Enterprise.
- DKER-EE-001990 - Only required ports must be open on the containers in Docker Enterprise.
- DKER-EE-002000 - Docker Enterprise host's network namespace must not be shared.
- DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise.
- DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers.
- DKER-EE-002030 - All Docker Enterprise containers' root filesystem must be mounted as read only.
- DKER-EE-002040 - Docker Enterprise host devices must not be directly exposed to containers.
- DKER-EE-002050 - Mount propagation mode must not be set to shared in Docker Enterprise.
- DKER-EE-002060 - The Docker Enterprise host's UTS namespace must not be shared.
- DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled.
- DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option.
- DKER-EE-002090 - Docker Enterprise exec commands must not be used with the user option.