Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235826 | DKER-EE-002660 | SV-235826r627605_rule | | Medium |
Description |
---|
Storing configuration files and small amounts of user-generated data (up to 500 KB per secret) in Docker Secrets or Kubernetes Secrets keeps that data encrypted at rest by the Engine's FIPS-validated cryptography. |
STIG | Date |
---|---|
Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Check Text ( C-39045r627603_chk ) |
---|
Review the System Security Plan (SSP) and identify the applications that use configuration files and/or small amounts of user-generated data; ensure that data is stored in Docker Secrets or Kubernetes Secrets. Using a Universal Control Plane (UCP) client bundle, verify that secrets are in use by executing the following command: `docker secret ls`. Confirm that each containerized application the SSP identifies as using Docker secrets has a corresponding secret configured. If the SSP requires Docker secrets to be used but the containerized application does not use Docker secrets, this is a finding. |
Fix Text (F-39008r627604_fix) |
---|
For all containerized applications that use configuration files and/or small amounts of user-generated data, store that data in Docker Secrets. Create and manage all secrets using a UCP client bundle. A reference for the use of Docker secrets can be found at https://docs.docker.com/engine/swarm/secrets/. |
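An added example, not part of the STIG text or of Docker's documentation, that automates both the check and the fix above. It lists the cluster's secrets with `docker secret ls`, then reads each SSP-listed service's spec with `docker service inspect` to confirm a secret is actually mounted (a secret that exists in the cluster but is not attached to the service is still a finding), and wraps `docker secret create` with a size guard for the 500 KB cap the description cites. Assumptions: the UCP client bundle has been sourced so that `docker` targets the UCP-managed Swarm; the service names passed on the command line stand in for the SSP's list; and the 512000-byte figure used for the cap is an assumption about how Docker counts "500 KB".

```shell
#!/bin/sh
# Added example for this STIG entry; not from the STIG or Docker's docs.
# Assumes ". env.sh" from a UCP client bundle has been run so that `docker`
# talks to the cluster, and that the service names given on the command
# line are the ones the SSP says must use Docker secrets (constructed input).

# ---- pure helpers (no docker calls; these carry the decision logic) ----

# Docker caps a single secret at 500 KB; 512000 bytes (500 * 1024) is the
# figure assumed here. Returns 0 if a payload of $1 bytes fits, 1 otherwise.
secret_size_ok() {
  [ "$1" -le 512000 ]
}

# Given a service name and the newline-separated names of the secrets it
# mounts, print a verdict line and return 0 (pass) or 1 (finding).
evaluate_service() {
  svc=$1
  names=$2
  # `grep -c .` counts non-blank lines; `|| true` keeps a zero count from
  # tripping `set -e` in callers.
  count=$(printf '%s\n' "$names" | grep -c . || true)
  if [ "$count" -eq 0 ]; then
    printf 'FINDING  %s: no Docker secret attached (SSP requires one)\n' "$svc"
    return 1
  fi
  printf 'PASS     %s: %s secret(s) attached\n' "$svc" "$count"
  return 0
}

# ---- wrappers around the docker CLI (the actual check and fix) ----

# Names of the secrets a Swarm service mounts, one per line, read from the
# service spec itself rather than inferred from `docker secret ls`.
service_secret_names() {
  docker service inspect --format \
    '{{range .Spec.TaskTemplate.ContainerSpec.Secrets}}{{.SecretName}}{{"\n"}}{{end}}' "$1"
}

# Check text: list cluster secrets, then confirm each SSP-listed service
# actually mounts at least one. Usage: audit_ssp_services web api ...
audit_ssp_services() {
  rc=0
  printf 'Cluster secrets (docker secret ls):\n'
  docker secret ls --format '  {{.Name}}  created {{.CreatedAt}}'
  for svc in "$@"; do
    evaluate_service "$svc" "$(service_secret_names "$svc")" || rc=1
  done
  return "$rc"
}

# Fix text: move a config file into a Docker secret, refusing oversized
# files up front so the failure is explicit rather than a daemon error.
# Usage: create_secret_from_file app_config ./app.conf
create_secret_from_file() {
  name=$1
  file=$2
  size=$(wc -c < "$file" | tr -d ' ')
  if ! secret_size_ok "$size"; then
    printf 'refusing %s: %s bytes exceeds the 500 KB secret limit\n' "$file" "$size" >&2
    return 1
  fi
  docker secret create "$name" "$file"
}

# Run the audit only when service names are given, so sourcing this file
# for its functions has no side effects.
if [ "$#" -gt 0 ]; then
  audit_ssp_services "$@"
fi
```

Run it as `sh check_secrets.sh web api` after sourcing the bundle's `env.sh`; a non-zero exit means at least one SSP-listed service mounts no secret, which is the finding the check text describes. Attach a newly created secret to a service with `docker service update --secret-add <name> <service>` (or `--secret` at `docker service create` time) so that the audit sees it in the service spec.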