component.yaml
documentation_complete: false
schema_version: 3.1.0
name: Docker Security Scanning (DSS)
references:
  - name: DSS Documentation
    path: https://docs.docker.com/datacenter/dtr/2.3/guides/admin/configure/set-up-vulnerability-scans/
    type: URL
satisfies:
  - control_key: RA-5 (1)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'To assist the organization in meeting the requirements of this
          control, the Docker Security Scanning (DSS) component of Docker
          Trusted Registry (DTR) that is included with the Docker Enterprise
          Edition Advanced tier can be used to scan Docker images for
          vulnerabilities against known vulnerability databases. Scans can be
          triggered either manually or when Docker images are pushed to DTR.'
    standard_key: NIST-800-53
  - control_key: RA-5 (2)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'To assist the organization in meeting the requirements of this
          control, the Docker Security Scanning component of Docker Trusted
          Registry (DTR) that is included with the Docker Enterprise Edition
          Advanced tier compiles a bill of materials (BOM) for each Docker image
          that it scans. DSS is also synchronized to an aggregate listing of
          known vulnerabilities that is compiled from both the MITRE and NVD CVE
          databases. Additional information can be found at the following
          resources:
          - https://docs.docker.com/datacenter/dtr/2.3/guides/admin/configure/set-up-vulnerability-scans/
          - https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Image_Scanning'
    parameters:
      - key: "RA-5(2)"
        text: |
          "FedRAMP requirement: prior to a new scan"
    standard_key: NIST-800-53
  - control_key: RA-5 (3)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'To assist the organization in meeting the requirements of this
          control, the Docker Security Scanning component of Docker Trusted
          Registry (DTR) that is included with the Docker Enterprise Edition
          Advanced tier identifies vulnerabilities in a Docker image and marks
          them against predefined criticality levels: critical, major and minor.'
    standard_key: NIST-800-53
  - control_key: RA-5 (5)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'Only the appropriate users that the organization has provided Docker
          Trusted Registry access to are able to view and interpret
          vulnerability scan results.'
    parameters:
      - key: "RA-5(5)-1"
        text: |
          "FedRAMP requirement: operating systems, databases, web applications"
      - key: "RA-5(5)-2"
        text: |
          "FedRAMP requirement: all scans"
    standard_key: NIST-800-53
  - control_key: RA-5 (6)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'For each Docker image pushed to Docker Trusted Registry at a given
          time, Docker Security Scanning retains a list of vulnerabilities
          detected. The DTR API can be queried to retrieve the vulnerability
          scan results over a period of time for a given Docker image such that
          the results can be compared per the requirements of this control.'
    standard_key: NIST-800-53
  - control_key: RA-5 (8)
    covered_by: []
    implementation_statuses:
      - none
    control_origins:
      - service provider hybrid
    narrative:
      - text: |
          'Docker Security Scanning maintains a historical bill-of-materials
          (BOM) for all Docker images that are scanned. Results of previous
          vulnerability scans can be reviewed and audited per the requirements
          of this control.'
    standard_key: NIST-800-53