IriusRisk Team | The Threat Modeling Experts
April 27, 2021

CIS Security Standard for Docker available now in IriusRisk


As part of this release we have added a risk pattern library for Docker. Risk patterns are reusable collections of use cases, threats, weaknesses and countermeasures that can be imported into a threat model as a unit. They are the basic building blocks of threat models within IriusRisk.

This library provides a baseline set of risks, weaknesses and countermeasures for anyone implementing a Docker environment. The risk pattern contents were obtained from the CIS Benchmark “CIS Docker Community Edition Benchmark v1.1.0”. This Benchmark provides prescriptive guidance for establishing a secure configuration posture for Docker CE 17.06 or later.

Here’s a little of what CIS say about the Docker benchmark:

'The Center for Internet Security (CIS) Docker Community Edition (CE) Benchmark is a reference document designed to assist system administrators, security and audit professionals, and other technologists in establishing a secure configuration baseline for the Docker CE Engine.'

Continuum Security are certified CIS SecureSuite Product Vendor members.

Other new libraries released include:

  • OWASP Mobile ASVS: For mobile applications, based on the OWASP Mobile Application Security Verification Standard (MASVS). This library sets out risks and controls for anyone implementing a mobile application, and covers both Android and iOS platforms.
  • Google Cloud: For Google Cloud, encompassing the entire environment, including GC Virtual Machines, GC Kubernetes, GC SQL and GC Storage. This library covers foundation services such as Governance, Identity and Access Management (IAM), Logging, Monitoring, Network, Kubernetes, Storage, Databases SQL and Virtual Machines.