Details
https://docs.docker.com/articles/basics/#bind-docker-to-another-hostport-or-a-unix-socket
Solution
Do not bind the Docker daemon to any IP and port or a non-default Unix socket. For example, do not start the Docker daemon as below:
$> docker -H tcp://10.1.2.3:2375 -H unix:///var/run/example.sock -d
Impact: No one can have full access to the Docker daemon except 'root'. Alternatively, you should configure TLS authentication for the Docker and Docker Swarm APIs if you want to bind the Docker daemon to any other IP and port.
Default Value: By default, the Docker daemon binds to a non-networked Unix socket.
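One way to audit a daemon command line against this control, as an added example that is not part of the benchmark text: a POSIX shell function that classifies every `-H`/`--host` value. The function name, the verdict labels, the constructed sample command lines and the handling of `fd://` (systemd socket activation) are assumptions of this example.

```shell
# Default non-networked socket of the Docker daemon.
DEFAULT_SOCK="unix:///var/run/docker.sock"

# audit_docker_hosts "<daemon command line>"   (hypothetical helper name)
# Prints one verdict per -H/--host value; exit status 0 = compliant, 1 = not.
# The body runs in a subshell so set -f and the variables do not leak.
audit_docker_hosts() (
    cmdline=$1; tls=0; rc=0; expect=0
    # TLS client verification is the alternative the control allows for TCP binds.
    case " $cmdline " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=1 ;;
    esac
    set -f                          # no glob expansion while word-splitting
    for tok in $cmdline; do
        host=
        if [ "$expect" -eq 1 ]; then
            host=$tok; expect=0     # value following a bare -H / --host
        else
            case "$tok" in
                -H|--host)     expect=1 ;;
                -H=*|--host=*) host=${tok#*=} ;;
            esac
        fi
        if [ -z "$host" ]; then continue; fi
        case "$host" in
            "$DEFAULT_SOCK") echo "OK   $host (default socket)" ;;
            fd://*)   echo "INFO $host (socket from systemd; check the unit's ListenStream)" ;;
            unix://*) echo "FAIL $host (non-default Unix socket)"; rc=1 ;;
            tcp://*)
                if [ "$tls" -eq 1 ]; then
                    echo "TLS  $host (network bind, --tlsverify set)"
                else
                    echo "FAIL $host (network bind without --tlsverify)"; rc=1
                fi ;;
            *)        echo "FAIL $host (unrecognised value, review manually)"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample command lines; the first is the example from this control.
audit_docker_hosts "docker -H tcp://10.1.2.3:2375 -H unix:///var/run/example.sock -d" || true
audit_docker_hosts "dockerd -H unix:///var/run/docker.sock" || true
audit_docker_hosts "dockerd --tlsverify --host=tcp://10.1.2.3:2376" || true
```

On a live host the input can come from the running daemon's arguments, for example `ps -o args= -C dockerd`; hosts configured in the daemon's configuration file are not covered by this check.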
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.