
STIGhub
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-235872

CAT II (Medium)

Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network.

Rule ID

SV-235872r962034_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002450

Discussion

Encrypt data exchanged between containers on different nodes on the overlay network. By default, traffic between containers on different nodes of an overlay network is sent in the clear across the underlay network, so anyone able to observe the traffic between the nodes can read it.

Check Content

Ensure that data exchanged between containers on different nodes is encrypted on the overlay network.

via CLI:

Linux: As a Docker EE Admin, follow the steps below using a Universal Control Plane (UCP) client bundle:

Run the following command and confirm that each overlay network is encrypted.

docker network ls --filter driver=overlay --quiet | xargs docker network inspect --format '{{.Name}} {{ .Options }}' | grep -v "dtr\|interlock map\|ingress map"

If the driver options of an overlay network do not show the encrypted option (an encrypted network lists "encrypted:" alongside its com.docker.network.driver.overlay options), ask for evidence that encryption is being handled at the application layer. If no evidence of encryption at the network or application layer is provided, this is a finding.
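The check above leaves the reviewer to eyeball one line per network. The following script is an added example, not part of the STIG or of Docker Enterprise; it takes the exact lines the check command emits (network name followed by the Go-formatted options map) on standard input, applies the same exclusions the STIG's grep -v applies, and prints the name of every overlay network whose options lack the encrypted key. The sample lines are constructed for this example, not captured from a real cluster; the function name audit_overlay_encryption and the network names are assumptions.

```shell
#!/bin/sh
# Added example: audit "docker network inspect" output for the encrypted option.
# On a real cluster, pipe the STIG's check command into the function:
#   docker network ls --filter driver=overlay --quiet \
#     | xargs docker network inspect --format '{{.Name}} {{ .Options }}' \
#     | audit_overlay_encryption

# Reads "<name> map[key:value ...]" lines on stdin.
# Prints the names of networks without the "encrypted" key and exits 1 if
# any were found; exits 0 when every remaining overlay network is encrypted.
audit_overlay_encryption() {
  awk '
    # Same exclusions as the STIG check: DTR, interlock and ingress networks.
    /dtr|interlock map|ingress map/ { next }
    {
      opts = $0
      sub(/^[^ ]+ /, "", opts)            # drop the network name, keep the map
      # Go prints an encrypted network as map[... encrypted:] (empty value).
      if (opts !~ /(\[| )encrypted:/) { print $1; bad = 1 }
    }
    END { exit bad ? 1 : 0 }
  '
}

# Constructed sample output (hypothetical network names and VXLAN IDs).
SAMPLE='ingress map[com.docker.network.driver.overlay.vxlanid_list:4096]
app-net map[com.docker.network.driver.overlay.vxlanid_list:4097 encrypted:]
legacy-net map[com.docker.network.driver.overlay.vxlanid_list:4098]
dtr-ol map[com.docker.network.driver.overlay.vxlanid_list:4099]'

# Stand-alone run: report unencrypted overlay networks in the sample.
if [ "${1:-}" = "--demo" ]; then
  if printf '%s\n' "$SAMPLE" | audit_overlay_encryption; then
    echo "all audited overlay networks are encrypted"
  else
    echo "finding: the networks listed above are not encrypted" >&2
  fi
fi
```

Only legacy-net is reported for the sample: ingress and dtr-ol are excluded as the STIG's grep -v does, and app-net carries the encrypted key. A network reported here cannot be switched to encrypted in place; it has to be recreated with --opt encrypted as in the Fix Text, or the application traffic on it has to be shown to be encrypted end to end.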

Fix Text

Create each overlay network with the --opt encrypted flag. The option cannot be added to an existing network; recreate the network.

Example:
docker network create --opt encrypted --driver overlay my-network