CIS Docker CE benchmark

The Center for Internet Security (CIS) Docker Community Edition (CE) Benchmark is a reference document designed to assist system administrators, security and audit professionals, and other technologists in establishing a secure configuration baseline for the Docker CE Engine. CIS Benchmarks are developed by an open community of security practitioners and licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Internal Public License.

The latest benchmark for Docker CE 17.06 (CIS Benchmark v1.1.0) can be found here. This benchmark is only applicable to the Docker Community Edition Engine and does not encompass many of the security capabilities designed to help your organization satisfy crucial compliance requirements and that which are provided by the complete Docker Enterprise Edition stack.

Below is a list of tools and resources that can be used to automate the validation of an instance of Docker CE Engine against the CIS Docker CE Benchmark:

• Docker Bench for Security
• CIS Docker CE Benchmark InSpec Profile