Docker standards and compliance
Docker Enterprise Edition can be configured and used in accordance with various security and compliance laws, regulations, and standards. Use the guidance in this section to verify and validate your Docker EE deployment against applicable security controls and configuration baselines. The catalogs, frameworks, publications, and benchmarks that we’ve highlighted thus far are as follows:
Laws:
Catalogs:
Frameworks:
- Federal Risk and Authorization Management Program (FedRAMP)
- Risk Management Framework (NIST SP 800-37)
Standards:
Container-Specific Publications:
- NIST Special Publication (SP) 800-190 - Application Container Security Guide
- NIST Interagency Report (NISTIR) 8176 - Security Assurance Requirements for Linux Application Container Deployments
- NIST Information Technology Laboratory (ITL) Bulletin October 2017 - NIST Guidance on Application Container Security
Benchmarks:
Docker maintains an open source repository where you can find a number of machine-readable compliance resources in addition to the source of this documentation. This repository also includes tools for automatically generating security documentation and auditing Docker Enterprise Edition systems against the security controls. An experimental natural language processing (NLP) utility is also included, for proofreading security narratives.
The guidance referenced here and at https://github.com/docker/compliance is provided for informational purposes only and has not been vetted by any third-party security assessors. You are solely responsible for developing, implementing, and managing your applications and subscriptions running on your own platform in compliance with applicable laws, regulations, and contractual obligations. The documentation is provided “as-is” and without any warranty of any kind, whether express, implied or statutory, and Docker, Inc. expressly disclaims all warranties for non-infringement, merchantability or fitness for a particular purpose.