Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-95733 | DKER-EE-005070 | SV-104871r1_rule | Medium |
Description |
---|
Rotate swarm manager auto-lock key periodically. Swarm manager auto-lock key is not automatically rotated. Rotate them periodically as a best practice. By default, keys are not rotated automatically. |
STIG | Date |
---|---|
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2019-09-13 |
Check Text ( C-94563r1_chk ) |
---|
Interview the system administrator to identify the key rotation process. Determine if there is a key rotation record and if the keys are rotated at a pre-defined frequency. If the swarm manager auto-lock key is not rotated on a regular basis, this is a finding. |
Fix Text (F-101401r1_fix) |
---|
Run the below command to rotate the keys. docker swarm unlock-key --rotate Additionally, to facilitate audit for this recommendation, maintain key rotation records and ensure that a pre-defined frequency for key rotation is established. |