STIGQter: STIG Summary: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

Docker Enterprise Swarm manager auto-lock key must be rotated periodically.

DISA Rule

SV-235849r627674_rule

Vulnerability Number

V-235849

Group Title

SRG-APP-000516

Rule Version

DKER-EE-005070

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the command below to rotate the keys.

docker swarm unlock-key --rotate

Additionally, to facilitate audit for this recommendation, maintain key rotation records and ensure that a pre-defined frequency for key rotation is established.

Check Contents

Interview the system administrator to identify the key rotation process. Determine if there is a key rotation record and if the keys are rotated at a pre-defined frequency.

If the swarm manager auto-lock key is not rotated on a regular basis, this is a finding.
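The fix and check above depend on a rotation record and a pre-defined frequency. The script below is an added example, not part of the STIG or of Docker's tooling: it appends a record after each rotation and flags a finding when the newest record is older than the frequency. The record path, the record format, the 90-day value and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the STIG. The record path, record format and the
# 90-day frequency are assumptions; use the values your site has defined.
ROTATION_LOG="${ROTATION_LOG:-/var/log/swarm-unlock-key-rotation.log}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-90}"

# Rotate the auto-lock key on a manager, then append one record line:
#   <epoch seconds> <UTC timestamp> <operator>
# Docker prints the new key to the terminal; it is never written to the record.
rotate_and_record() {
    docker swarm unlock-key --rotate || return 1
    printf '%s %s %s\n' "$(date -u +%s)" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${SUDO_USER:-$(id -un)}" >> "$ROTATION_LOG"
}

# check_rotation_age LOG NOW_EPOCH MAX_DAYS
# Returns 0 if the newest record is within MAX_DAYS, 1 if it is older
# (a finding), 2 if the log holds no usable record (also a finding).
check_rotation_age() {
    last=$(grep -E '^[0-9]+ ' "$1" 2>/dev/null | sort -n | tail -n 1 | cut -d' ' -f1)
    if [ -z "$last" ]; then
        echo "FINDING: no rotation record in $1"
        return 2
    fi
    age_days=$(( ($2 - $last) / 86400 ))
    if [ "$age_days" -gt "$3" ]; then
        echo "FINDING: last rotation $age_days days ago (limit $3)"
        return 1
    fi
    echo "OK: last rotation $age_days days ago (limit $3)"
}

# Demo on constructed records (no Docker needed): sh script.sh --demo
demo() {
    tmp=$(mktemp)
    printf '%s\n' '1700000000 2023-11-14T22:13:20Z alice' \
                  '1705000000 2024-01-11T19:06:40Z bob' > "$tmp"
    check_rotation_age "$tmp" 1705864000 90   # 10 days after the newest record
    check_rotation_age "$tmp" 1713640000 90   # 100 days after the newest record
    rm -f "$tmp"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

For a scheduled audit, call `check_rotation_age "$ROTATION_LOG" "$(date -u +%s)" "$MAX_AGE_DAYS"` and alert on a non-zero exit status.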

Documentable

False

Severity Override Guidance

Interview the system administrator to identify the key rotation process. Determine if there is a key rotation record and if the keys are rotated at a pre-defined frequency.

If the swarm manager auto-lock key is not rotated on a regular basis, this is a finding.

Check Content Reference

M

Target Key

5281
