This benchmark provides consensus-oriented security best practices for deploying Docker. Twistlock developed 80+ built-in checks to validate recommended practices from the CIS benchmark, including configuration assessment, hardening checks, and hardware validations.
Twistlock includes an extensive list of configuration checks covering host, Docker daemon, Docker files and directories, containers, and even the underlying hardware. We also enforce standard configurations during deployment.
Organizations can use Twistlock to enforce “Trusted Registries” and “Trusted Images”. A trusted registry houses images scanned and approved by Twistlock or other trusted entities (e.g., Docker Trusted Registry). Twistlock can enforce that only images pulled from a trusted registry are deployed onto production servers.
For environments that use Intel® Xeon® processors, Twistlock integrates natively with Intel’s Cloud Integrity Technology (CIT) to perform integrity and attestation checks on host hardware, firmware, and the Docker daemon or hypervisor before containers are deployed. This establishes a chain of trust from the hardware to the workload, ensuring the integrity of your cloud environment.