
Docker Enterprise Swarm manager auto-lock key must be rotated periodically.


Overview

Finding ID: V-95733
Version: DKER-EE-005070
Rule ID: SV-104871r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Rotate the swarm manager auto-lock key periodically as a best practice. By default, the key is not rotated automatically.
STIG: Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
Date: 2019-09-13

Details

Check Text (C-94563r1_chk)
Interview the system administrator to identify the key rotation process. Determine if there is a key rotation record and if the keys are rotated at a pre-defined frequency.

If the swarm manager auto-lock key is not rotated on a regular basis, this is a finding.
Fix Text (F-101401r1_fix)
Run the following command to rotate the key.

docker swarm unlock-key --rotate

Additionally, to facilitate audit for this recommendation, maintain key rotation records and ensure that a pre-defined frequency for key rotation is established.
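
One way to keep the rotation record and enforce the pre-defined frequency described above, as an added example that is not part of the STIG text. The log path, the tab-separated record format and the 90-day interval are assumptions to be replaced with site-defined values; the unlock key itself is never written to the record.

```shell
#!/bin/sh
# Added example: audit record and frequency check around the STIG fix command.
# ROTATION_LOG and MAX_AGE_DAYS are assumed, site-defined values.
ROTATION_LOG="${ROTATION_LOG:-./swarm-unlock-key-rotation.log}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-90}"

# last_rotation_epoch LOG: print the epoch of the newest record, or nothing.
last_rotation_epoch() {
    [ -s "$1" ] || return 0
    awk -F'\t' '$1 ~ /^[0-9]+$/ { last = $1 } END { if (last != "") print last }' "$1"
}

# rotation_status LOG NOW_EPOCH MAX_DAYS: print ok, overdue or no-record.
rotation_status() {
    last=$(last_rotation_epoch "$1")
    if [ -z "$last" ]; then
        echo "no-record"   # no evidence of rotation: a finding per the check text
        return 0
    fi
    age_days=$(( ($2 - last) / 86400 ))
    if [ "$age_days" -ge "$3" ]; then echo "overdue"; else echo "ok"; fi
}

# record_rotation LOG EPOCH OPERATOR: append one audit line (timestamp,
# operator, command). The key is deliberately not recorded.
record_rotation() {
    printf '%s\t%s\t%s\n' "$2" "$3" "docker swarm unlock-key --rotate" >> "$1"
}

# Rotate on a swarm manager, then record it only if the command succeeded.
rotate_and_record() {
    # The new key is printed to the terminal; store it in a secrets vault.
    docker swarm unlock-key --rotate || return 1
    record_rotation "$ROTATION_LOG" "$(date +%s)" "$(id -un)"
}

# Usage: script check | script rotate
case "${1:-}" in
    check)  rotation_status "$ROTATION_LOG" "$(date +%s)" "$MAX_AGE_DAYS" ;;
    rotate) rotate_and_record ;;
esac
```

Running the `check` mode from a scheduled job and alerting on `overdue` or `no-record` gives the reviewer both the rotation record and evidence that the frequency is enforced.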