Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • Docker Enterprise container health must be checked at runtime.

    <VulnDiscussion>If the container image does not have an HEALTHCHECK instruction defined, use --health-cmd parameter at container runtime for ...
    Rule Medium Severity
  • SRG-APP-000247

    <GroupDescription></GroupDescription>
    Group
  • PIDs cgroup limits must be used in Docker Enterprise.

    &lt;VulnDiscussion&gt;Use --pids-limit flag at container runtime. Attackers could launch a fork bomb with a single command inside the container. T...
    Rule Medium Severity
  • SRG-APP-000295

    <GroupDescription></GroupDescription>
    Group
  • The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).

    &lt;VulnDiscussion&gt;The Universal Control Plane (UCP) component of Docker Enterprise includes a built-in access authorization mechanism called eN...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules