Ensure that containers use trusted base images

Details

Ensure that the container image is written either from scratch or is based on another established and trusted base image downloaded over a secure channel.

Rationale:

Official repositories are Docker images curated and optimized by the Docker community or the vendor. Other public repositories may be unsafe. Exercise caution when obtaining container images from Docker and third parties, and consider how those images will be used with your organization’s data.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure and use Docker Content Trust.

Inspect Docker image history to evaluate the risk of operating each image on your network.

Scan Docker images for vulnerabilities in their dependencies and in the configurations they will impose upon your network.

Impact:

None.

Default Value:

Not Applicable.
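As an added example (not part of the benchmark text or any Nessus plugin), the following Python policy check reviews a Dockerfile's FROM lines against this control: each base image must be built from scratch, refer to an earlier build stage, or come from a trusted source, and it must be pinned by digest, which is stricter than the control's wording. The internal registry name, the Dockerfile and the digests are constructed for the example.

```python
import re

# Assumption for this example: an internal registry the organisation trusts.
TRUSTED_REGISTRIES = ("registry.example.internal/",)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)


def strip_reference(ref):
    """Return the repository name of an image reference without tag or digest."""
    name = ref.split("@", 1)[0]
    last = name.rsplit("/", 1)[-1]
    if ":" in last:  # a colon in the last path segment is a tag, not a registry port
        name = name[: len(name) - len(last)] + last.split(":", 1)[0]
    return name


def is_trusted_source(ref):
    """Docker Hub official images (no namespace or 'library/') and trusted registries."""
    name = strip_reference(ref)
    if name.startswith("docker.io/"):
        name = name[len("docker.io/"):]
    official = "/" not in name or name.startswith("library/")
    return official or name.startswith(TRUSTED_REGISTRIES)


def check_dockerfile(text):
    """Return (line_no, message) findings for every FROM line that violates the policy."""
    findings, stages = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group("ref"), m.group("alias")
        if alias:
            stages.add(alias.lower())
        if ref.lower() == "scratch" or ref.lower() in stages:
            continue  # built from scratch, or reuses an earlier build stage
        if not is_trusted_source(ref):
            findings.append((n, f"untrusted base image {ref}"))
        if not DIGEST_RE.search(ref):
            findings.append((n, f"base image {ref} is not pinned by digest"))
    return findings


# Constructed multi-stage Dockerfile; the digests are placeholders, not real values.
SAMPLE_DOCKERFILE = """\
FROM golang:1.21@sha256:{d} AS builder
FROM registry.example.internal/base/runtime@sha256:{d}
FROM scratch
FROM evilcorp/alpine:latest
FROM builder
""".format(d="a" * 64)

if __name__ == "__main__":
    for line_no, msg in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {msg}")
```

Only the fourth FROM line is reported, once for coming from an untrusted namespace and once for lacking a digest pin.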

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022