> ## Documentation Index
> Fetch the complete documentation index at: https://docs.minimus.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance

> How to verify that your Minimus container images meet security, licensing, and regulatory requirements

## CIS

Review a summary report detailing how the image complies with the [CIS Docker Benchmark](https://www.cisecurity.org/benchmark/docker). For every relevant CIS ID, the image status shows if the image passed along with a note explaining the decision.

<img src="https://mintcdn.com/gutsy-6162adbc/4up9p7p3pyNdGGSL/images/cis-report.png?fit=max&auto=format&n=4up9p7p3pyNdGGSL&q=85&s=9f86395a2c68f7d272a76b3616ca10ae" alt="Minimus CIS Report" width="1920" height="1032" data-path="images/cis-report.png" />

## NIST

Review a summary report detailing how the image complies with the [NIST-800-190 Section 3.1 Benchmark](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-190.pdf). For every relevant NIST ID, the image status shows if the image passed along with a note explaining the decision.

<img src="https://mintcdn.com/gutsy-6162adbc/X30I3790A9FnEoPK/images/nist-report.png?fit=max&auto=format&n=X30I3790A9FnEoPK&q=85&s=278c0899f48d082cd9fb5aa2016d6570" alt="Minimus NIST Report" width="1920" height="1032" data-path="images/nist-report.png" />

## FIPS

Minimus offers many FIPS validated images built with the Minimus Cryptographic Module to comply with the [FIPS 140-3 standard](https://csrc.nist.gov/pubs/fips/140-3/final). For FIPS validated images, run the command provided to test the module. The command overrides the default entrypoint to run a built-in `openssl-fips-test`.

<img src="https://mintcdn.com/gutsy-6162adbc/X30I3790A9FnEoPK/images/fips-report.png?fit=max&auto=format&n=X30I3790A9FnEoPK&q=85&s=3f264f04a519f1298e59a4620b872f7f" alt="Minimus FIPS Report" width="1920" height="1032" data-path="images/fips-report.png" />

## STIG

Minimus images that are FIPS validated are also STIG compliant. Switch to the STIG tab to preview the STIG Evaluation Report. Download the HTML report to drill down on the full details. [Learn more](/compliance/stig)

<Info>
  STIG stands for Security Technical Implementation Guides (STIGs). STIGs are published by DISA, the Defense Information Systems Agency of the U.S. Department of Defense (DoD).
</Info>

<img src="https://mintcdn.com/gutsy-6162adbc/4up9p7p3pyNdGGSL/images/STIG-report.png?fit=max&auto=format&n=4up9p7p3pyNdGGSL&q=85&s=5679ad60e4df65c23d1654a2b3d708da" alt="Minimus STIG Report" width="1920" height="1032" data-path="images/STIG-report.png" />

## Image Signature

The image signature tab provides the commands for verifying the `latest` and `latest-dev` images with Cosign. See our [**verification guide**](https://docs.minimus.io/integrity/verify) for additional information about verification with Cosign.

## SBOM Signature

The SBOM signature tab provides the commands for verifying the SBOM attestation for the `latest` image with Cosign. The Cosign command uses an architecture-specific digest ID and is provided for amd64 and arm64.

<img src="https://mintcdn.com/gutsy-6162adbc/X30I3790A9FnEoPK/images/sbom-signature.png?fit=max&auto=format&n=X30I3790A9FnEoPK&q=85&s=bc1d3186fb01e4f82f4846183f8d2ef6" alt="SBOM Signature" width="1920" height="1032" data-path="images/sbom-signature.png" />