I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000190
<GroupDescription></GroupDescription>Group -
The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise.
<VulnDiscussion>The Universal Control Plane (UCP) component of Docker Enterprise includes a built-in access authorization mechanism called eN...Rule Medium Severity -
SRG-APP-000231
<GroupDescription></GroupDescription>Group -
Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.
<VulnDiscussion>By leveraging Docker Secrets or Kubernetes secrets to store configuration files and small amounts of user-generated data (up ...Rule Medium Severity -
SRG-APP-000247
<GroupDescription></GroupDescription>Group -
Docker Enterprise container health must be checked at runtime.
<VulnDiscussion>If the container image does not have an HEALTHCHECK instruction defined, use --health-cmd parameter at container runtime for ...Rule Medium Severity -
SRG-APP-000247
<GroupDescription></GroupDescription>Group -
PIDs cgroup limits must be used in Docker Enterprise.
<VulnDiscussion>Use --pids-limit flag at container runtime. Attackers could launch a fork bomb with a single command inside the container. T...Rule Medium Severity -
SRG-APP-000295
<GroupDescription></GroupDescription>Group -
The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).
<VulnDiscussion>The Universal Control Plane (UCP) component of Docker Enterprise includes a built-in access authorization mechanism called eN...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.