STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-235826

CAT II (Medium)

Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.

Rule ID

SV-235826r961128_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-001199

Discussion

By leveraging Docker Secrets or Kubernetes secrets to store configuration files and small amounts of user-generated data (up to 500 kb in size), the data is encrypted at rest by the Engine's FIPS-validated cryptography.

Check Content

Review the System Security Plan (SSP), identify applications that leverage configuration files and/or small amounts of user-generated data, and ensure that data is stored in Docker Secrets or Kubernetes Secrets.

Using a Universal Control Plane (UCP) client bundle, verify that secrets are in use by executing the following command:

docker secret ls

Confirm containerized applications identified in SSP as utilizing Docker secrets have a corresponding secret configured.
If the SSP requires Docker secrets be used but the containerized application does not use Docker secrets, this is a finding.
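As an added illustration of this check (not part of the STIG text or STIGhub), the POSIX shell script below compares the secrets an SSP requires against the names that `docker secret ls --format '{{.Name}}'` reports, and treats any required secret that is absent as a finding. The application and secret names, and the sample listing, are constructed; in practice the listing is obtained by running the command through a UCP client bundle.

```shell
#!/bin/sh
# Added example (not from the STIG or STIGhub): compare the secrets an SSP
# requires against the names reported by `docker secret ls`.
# All secret names below are constructed for illustration.

# Secrets the SSP says the containerized applications must consume (constructed).
SSP_REQUIRED_SECRETS="app_db_password app_tls_cert app_config_json"

# Constructed stand-in for the output of
#   docker secret ls --format '{{.Name}}'
# run through a UCP client bundle (one secret name per line).
SAMPLE_PRESENT='app_db_password
app_tls_cert'

# missing_secrets REQUIRED PRESENT
#   REQUIRED: space-separated secret names from the SSP
#   PRESENT:  newline-separated secret names from the Swarm
# Prints each required name that is absent, one per line. Matching is
# whole-line and literal, so "app_db" does not match "app_db_password".
missing_secrets() {
    required=$1
    present=$2
    for name in $required; do
        if ! printf '%s\n' "$present" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# stig_v235826_check REQUIRED PRESENT
# Returns 0 when every required secret is configured, 1 when the check is a finding.
stig_v235826_check() {
    missing=$(missing_secrets "$1" "$2")
    if [ -n "$missing" ]; then
        printf 'FINDING: secrets required by the SSP but not configured:\n%s\n' "$missing"
        return 1
    fi
    printf 'PASS: all %s SSP-required secrets are configured\n' \
        "$(printf '%s\n' "$1" | wc -w | tr -d ' ')"
    return 0
}

# Demonstration against the constructed data: app_config_json is required by the
# SSP but absent from the listing, so this reports a finding and returns 1.
# To run it against a real cluster, replace "$SAMPLE_PRESENT" with
#   "$(docker secret ls --format '{{.Name}}')"
# after loading the UCP client bundle into the environment.
stig_v235826_check "$SSP_REQUIRED_SECRETS" "$SAMPLE_PRESENT" \
    || printf 'exit status: %s\n' "$?"
```

The check deliberately lists only secret names, never values: `docker secret ls` exposes metadata only, and the script never needs to read secret contents to establish whether the SSP's requirement is met.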

Fix Text

For all containerized applications that leverage configuration files and/or small amounts of user-generated data, store that data in Docker Secrets.

All secrets should be created and managed using a UCP client bundle.

A reference for the use of docker secrets can be found at https://docs.docker.com/engine/swarm/secrets/.