STIGQter STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Docker Enterprise secret management commands must be used for managing secrets in a Swarm cluster.

DISA Rule

SV-235824r627599_rule

Vulnerability Number

V-235824

Group Title

SRG-APP-000176

Rule Version

DKER-EE-002410

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Update the SSP so that it includes documented processes for using Docker secrets commands to manage sensitive data that can be stored in key/value pairs. Examples include API tokens, database connection strings and credentials, SSL certificates, and the like. Follow docker secret documentation and use it to manage secrets effectively. This documentation can be found at https://docs.docker.com/engine/swarm/secrets/.

Check Contents

Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster.

Refer to the System Security Plan (SSP) and verify that it includes documented processes for using Docker secrets commands to manage sensitive data that can be stored in key/value pairs. Examples include API tokens, database connection strings and credentials, SSL certificates, and the like.

If the SSP does not have this documented, then this is a finding.

Vulnerability Number

V-235824

Documentable

False

Rule Version

DKER-EE-002410

Severity Override Guidance

Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster.

Refer to the System Security Plan (SSP) and verify that it includes documented processes for using Docker secrets commands to manage sensitive data that can be stored in key/value pairs. Examples include API tokens, database connection strings and credentials, SSL certificates, and the like.

If the SSP does not have this documented, then this is a finding.

Check Content Reference

M

Target Key

5281

Comments