SV-235872r627743_rule
V-235872
SRG-APP-000416
DKER-EE-006240
CAT II
10
Create the overlay network with the --opt encrypted flag.
Example:
docker network create --opt encrypted --driver overlay my-network
Ensure that data exchanged between containers on different nodes of the overlay network is encrypted.
via CLI:
Linux: As a Docker EE Admin, follow the steps below using a Universal Control Plane (UCP) client bundle:
Run the command below and ensure that each overlay network is encrypted.
docker network ls --filter driver=overlay --quiet | xargs docker network inspect --format '{{.Name}} {{ .Options }}' | grep -v "dtr\|interlock map\|ingress map"
If the network overlay drivers do not show [com.docker.network.driver.overlay"encrypted:", ask for evidence that encryption is being handled at the application layer. If no evidence of encryption at the network or application layer is provided, this is a finding.
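As an added example (not part of this STIG record or of Docker's own tooling), the helper below applies the check above to the text that the inspect command prints: it drops the same DTR, Interlock and ingress networks the STIG excludes and reports every remaining overlay whose option map lacks the "encrypted:" key. It uses `grep -E` rather than the GNU-only `\|` alternation so it also runs on BSD grep. The network names, vxlan ids and option maps in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the STIG: flag overlay networks that are not
# created with --opt encrypted, given lines of the form
#   <name> map[<options>]
# as printed by: docker network inspect --format '{{.Name}} {{ .Options }}'
find_unencrypted_overlays() {
    # Same exclusions as the STIG check (DTR, Interlock, ingress networks),
    # written with -E so the alternation is portable beyond GNU grep.
    grep -E -v 'dtr|interlock map|ingress map' |
    while IFS= read -r line; do
        name=${line%% *}          # first field: the network name
        opts=${line#* }           # rest of the line: Go's map[...] rendering of .Options
        case "$opts" in
            *encrypted:*) ;;      # IPsec encryption is enabled on this overlay
            *) printf '%s\n' "$name" ;;   # no encrypted: key, candidate finding
        esac
    done
}

# Constructed sample of inspect output from a swarm (names and ids are made up).
SAMPLE_INSPECT_OUTPUT='ingress map[com.docker.network.driver.overlay.vxlanid_list:4096]
dtr-ol map[com.docker.network.driver.overlay.vxlanid_list:4097]
payments map[com.docker.network.driver.overlay.vxlanid_list:4098 encrypted:]
app-net map[com.docker.network.driver.overlay.vxlanid_list:4099]'

# Runs the check against the constructed sample; prints "app-net".
# On a real cluster, pipe the STIG command into the helper instead:
#   docker network ls --filter driver=overlay --quiet \
#     | xargs docker network inspect --format '{{.Name}} {{ .Options }}' \
#     | find_unencrypted_overlays
run_sample() {
    printf '%s\n' "$SAMPLE_INSPECT_OUTPUT" | find_unencrypted_overlays
}
```

Any name the helper prints needs either the network recreated with --opt encrypted or documented evidence of application-layer encryption; otherwise it is a finding under this rule.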
V-235872
False
DKER-EE-006240
M
5281