STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

V-235872

CAT II (Medium)

Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network.

Rule ID

SV-235872r962034_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002450

Discussion

Encrypt data exchanged between containers on different nodes on the overlay network. By default, data exchanged between containers on different nodes on the overlay network is not encrypted. This could potentially expose traffic between the container nodes.

Check Content

Ensure data exchanged between containers are encrypted on different nodes on the overlay network.

via CLI:

Linux: As a Docker EE Admin, follow the steps below using a Universal Control Plane (UCP) client bundle:

Run the below command and ensure that each overlay network has been encrypted. 

docker network ls --filter driver=overlay --quiet | xargs docker network inspect --format '{{.Name}} {{ .Options }}' | grep -v "dtr\|interlock map\|ingress map"

If the network overlay drivers do not show [com.docker.network.driver.overlay"encrypted:" ask for evidence that encryption is being handled at the application layer, if no evidence of encryption at the network or application layer is provided, this is a finding.

Fix Text

Create overlay network with --opt encrypted flag. 

Example:
docker network create --opt encrypted --driver overlay my-network