Compliance & Benchmarking
Compliance and benchmarking play vital roles in securing assets - let alone containers. Let us begin by explaining compliance. Compliance is the process of following regulations and standards such as the NIST SP 800-190, a set of standards from the National Institute of Standards and Technology that gives guidance and best practices on container security:
NIST SP 800-190
This framework outlines the potential security concerns associated with containers and provides recommendations for addressing these concerns. https://csrc.nist.gov/publications/detail/sp/800-190/final
ISO 27001
This framework is an international standard for information security. The standard guides implementing, maintaining and improving an information security management system.
Please note that you may have to adhere to additional frameworks relevant to your Industry. For example, financial or medical. Regulations exist in all industries. For example, in the medical field, the HIPPA for handling medical data.
Benchmarking, on the other hand, is a process used to see how well an organisation is adhering to best practices. Benchmarking allows an organisation to see where they are following best practices well and where further improvements are needed:
CIS Docker Benchmark
This tool can assess a container's compliance with the CIS Docker Benchmark framework.
OpenSCAP
This tool can assess a container's compliance with multiple frameworks, including CIS Docker Benchmark, NIST SP-800-190 and more.
Docker Scout
This tool is a cloud-based service provided by Docker itself that scans Docker images and libraries for vulnerabilities. This tool lists the vulnerabilities present and provides steps to resolve these.
Anchore
This tool can assess a container's compliance with multiple frameworks, including CIS Docker Benchmark, NIST SP-800-190 and more.
Grype
This tool is a modern and fast vulnerability scanner for Docker images
An example of using the Docker Scout tool to analyse a Docker image has been provided in the terminal below. Please note this will need to be installed beforehand. You can read the Docker Scout documentation to learn more.
Last updated