CIS Docker 1.13 Benchmark is now available

Docker released version 1.13 yesterday, and today we are announcing the release of the CIS Docker 1.13 Benchmark, with Cavirin as a key contributor. The CIS Docker community has worked extremely hard to ensure that the time lag between software availability and security recommendations is almost zero, making this a leading example of security guidance being available concurrently with the implementation.

Download your copy from the CIS website.

The changelog between the CIS Docker 1.12 benchmark and the CIS Docker 1.13 benchmark is as follows:

Rules added with the Docker 1.13 benchmark

  • 2.19 Encrypt data exchanged between containers on different nodes on the overlay network
  • 2.20 Apply a daemon-wide custom seccomp profile, if needed
  • 2.21 Avoid experimental features in production
  • 2.22 Use Docker's secret management commands for managing secrets in a Swarm cluster
  • 2.23 Run swarm manager in auto-lock mode
  • 2.24 Rotate swarm manager auto-lock key periodically
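
As an added illustration (not taken from the CIS benchmark text or from Cavirin's product), here is how three of the new rules, 2.19, 2.21 and 2.23, can be checked against daemon state. It assumes the JSON shapes of `docker info --format '{{json .}}'` and `docker network inspect`; the sample data and the `audit` helper are constructed for this example.

```python
import json

# Constructed sample data (not real output): the JSON shapes of
# `docker info --format '{{json .}}'` and `docker network inspect <ids>`.
SAMPLE_INFO = json.loads("""{
  "ExperimentalBuild": true,
  "Swarm": {"LocalNodeState": "active", "ControlAvailable": true,
            "Cluster": {"Spec": {"EncryptionConfig": {"AutoLockManagers": false}}}}
}""")
SAMPLE_NETWORKS = json.loads("""[
  {"Name": "bridge", "Driver": "bridge", "Options": {}},
  {"Name": "app-net", "Driver": "overlay",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"}},
  {"Name": "db-net", "Driver": "overlay",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098", "encrypted": ""}}
]""")


def audit(info, networks):
    """Return a list of (rule, detail) findings for rules 2.19, 2.21 and 2.23."""
    findings = []
    # 2.19: an overlay network created with `--opt encrypted` carries an
    # "encrypted" key in its Options map; the value itself may be empty.
    for net in networks:
        if net.get("Driver") == "overlay" and "encrypted" not in (net.get("Options") or {}):
            findings.append(("2.19", f"overlay network {net['Name']} is not encrypted"))
    # 2.21: the daemon reports whether it was started with experimental features.
    if info.get("ExperimentalBuild"):
        findings.append(("2.21", "daemon is running with experimental features"))
    # 2.23: only a swarm manager can see the cluster spec, so skip other nodes.
    swarm = info.get("Swarm") or {}
    if swarm.get("LocalNodeState") == "active" and swarm.get("ControlAvailable"):
        spec = (swarm.get("Cluster") or {}).get("Spec") or {}
        if not (spec.get("EncryptionConfig") or {}).get("AutoLockManagers"):
            findings.append(("2.23", "swarm manager auto-lock is disabled"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_INFO, SAMPLE_NETWORKS):
        print(f"FAIL {rule}: {detail}")
```

On a real host, feed the function the parsed output of the two commands named above, run on a swarm manager so that the cluster spec is visible.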

Rules modified from Docker 1.12 benchmark

  • 2.8 Enable user namespace support - Updated Audit Procedure
  • 2.5 Avoid container sprawl - Updated Remediation and Audit Procedure
  • 2.3 Keep Docker up to date - Re-worded

Rules deleted in the Docker 1.13 benchmark

  • 1.2 Use the updated Linux Kernel
  • 1.3 Remove all non-essential services from the host

The new additions to the benchmark are easy to understand given the pace of innovation at Docker and the energetic community behind it. But you might be curious why we deleted the two rules above.

CIS benchmark development is community-consensus driven. Every change to the benchmark is vetted for consistency, technical accuracy and alignment with current requirements in production.

Rule 1.2 has become obsolete because most Linux distributions now ship with an updated kernel that fulfils Docker's installation kernel requirements. When Docker began, this was an important thing to check in order to run production workloads reliably.

Rule 1.3 is typically addressed in the CIS benchmark for the respective Linux distribution. It therefore duplicated other benchmarks and was deleted as well. The CIS Docker benchmark provides core security guidance for Docker deployments and eliminates obsolete recommendations.

Cavirin Systems automatically scans container workloads against the CIS benchmark. Its agentless discovery mechanism quickly builds an inventory of your Docker host instances and containers and runs a deep inspection against the entire CIS benchmark.

Check us out!

Details
Category: Docker Container Security