Docker standards and compliance


Docker Enterprise Edition can be configured and used in accordance with various security and compliance standards. Use this document to validate your deployment against applicable security controls and configuration baselines. The catalogs, frameworks, publications, and benchmarks that we’ve highlighted thus far are as follows:

Catalogs:

Frameworks:

Publications:

Benchmarks:

Docker maintains an open source repository where you can find a number of machine-readable compliance resources in addition to the source of this documentation. This repository also includes tools for automatically generating security documentation and auditing Docker Enterprise Edition systems against the security controls. An experimental natural language processing (NLP) utility is also included, for proofreading security narratives.

The guidance referenced here and at https://github.com/docker/compliance is provided for informational purposes only and has not been vetted by any third-party security assessors. You are solely responsible for developing, implementing, and managing your applications and subscriptions running on your own platform in compliance with applicable laws, regulations, and contractual obligations. The documentation is provided “as-is” and without any warranty of any kind, whether express, implied or statutory, and Docker, Inc. expressly disclaims all warranties for non-infringement, merchantability or fitness for a particular purpose.
