STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

The Docker Enterprise log aggregation/SIEM systems must be configured to send an alert to the ISSO/ISSM when unauthorized software is installed.

DISA Rule

SV-235836r627635_rule

Vulnerability Number

V-235836

Group Title

SRG-APP-000377

Rule Version

DKER-EE-003460

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Work with the SIEM administrator to create an alert to notify the ISSO/ISSM when unauthorized software is installed on Docker nodes.

Check Contents

Work with the SIEM administrator to determine if an alert is configured to notify the ISSO/ISSM when unauthorized software is installed on Docker nodes.

If there is no alert configured, this is a finding.

Documentable

False

Severity Override Guidance

Work with the SIEM administrator to determine if an alert is configured to notify the ISSO/ISSM when unauthorized software is installed on Docker nodes.

If there is no alert configured, this is a finding.

Check Content Reference

M

Target Key

5281
