Standards and compliance

Warning

Mirantis stopped maintaining this documentation set as of 2021-07-21, in correlation with the End of Life date for MKE 3.2.x and MSR 2.7.x. The company continues to support MCR 19.03.x and its documentation.

For the latest MKE, MSR, and MCR product documentation, refer to:

Docker Enterprise can be configured and used in accordance with various security and compliance laws, regulations, and standards. Use the guidance in this section to verify and validate your Docker EE deployment against applicable security controls and configuration baselines. The catalogs, frameworks, publications, and benchmarks are as follows:

Laws:

- Federal Information Security Management Act (FISMA)

Catalogs:

- NIST Special Publication (SP) 800-53 Revision 4

Frameworks:

- Federal Risk and Authorization Management Program (FedRAMP)
- Risk Management Framework (NIST SP 800-37)

Standards:

- Federal Information Processing Standards (FIPS) 140-2

Container-Specific Publications:

- NIST Special Publication (SP) 800-190 - Application Container Security Guide
- NIST Interagency Report (NISTIR) 8176 - Security Assurance Requirements for Linux Application Container Deployments
- NIST Information Technology Laboratory (ITL) Bulletin October 2017 - NIST Guidance on Application Container Security

Benchmarks:

- CIS Docker Enterprise Benchmark (In Development)
- CIS Kubernetes Benchmark

Docker maintains an open source repository where you can find a number of machine-readable compliance resources in addition to the source of this documentation. This repository also includes tools for automatically generating security documentation and auditing Docker Enterprise systems against the security controls. An experimental natural language processing (NLP) utility is also included, for proofreading security narratives.

The guidance referenced here and at https://github.com/mirantis/compliance is provided for informational purposes only and has not been vetted by any third-party security assessors. You are solely responsible for developing, implementing, and managing your applications and subscriptions running on your own platform in compliance with applicable laws, regulations, and contractual obligations. The documentation is provided “as-is” and without any warranty of any kind, whether express, implied or statutory, and Docker, Inc. expressly disclaims all warranties for non-infringement, merchantability or fitness for a particular purpose.