CIS Docker EE benchmark

In January 2018, in partnership with the Center for Internet Security (CIS) and Microsoft, we began to collaborate on an updated version of the CIS Docker Benchmark to incorporate Docker Enterprise Edition security recommendations. This includes Docker EE Engine, Docker Trusted Registry (DTR), and Universal Control Plane (UCP). These updates will also include configuration items for Docker EE Engine on Windows Server, Windows Server host items, and Windows-based Docker image recommendations. We anticipate completion of the draft and final update of the Benchmark in 2018.

You can follow along and contribute to the development of this updated Benchmark by joining the CIS Docker Benchmarks Community in CIS WorkBench. The initial announcement of these updates can also be found in the Community Discussions here.

In the interim, you can reference the existing CIS Docker CE Benchmark recommendations per our guidance here and refer to our latest Docker EE Security Reference Architecture. We will update this page accordingly once the new CIS Benchmark updates have been completed.

CIS Benchmarks are reference documents designed to assist system administrators, security and audit professionals, and other technologists in establishing secure configuration baselines for specific technologies. CIS Benchmarks are developed by an open community of security practitioners and licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Internal Public License.