Minimus offers hardened images that follow STIG guidelines for enhanced security. STIGs are DISA's Security Technical Implementation Guides.

You can filter for STIG-compliant containers in the Minimus gallery.

XCCDF Format

STIG publications use the XCCDF format. XCCDF (Extensible Configuration Checklist Description Format) supports tools that can automate compliance and configuration remediation using OVAL code.

XCCDF STIG reports can be viewed in dedicated viewing tools endorsed by the DoD. Currently, STIG Viewer 3 is the most up-to-date version. The relevant style sheet is bundled with the STIG. (Link to download the STIG Viewer.)

Security Content Automation Protocol (SCAP)

You can use OpenSCAP tools to validate the configuration of your container images and review the configuration of the image filesystem. The toolset is also used to perform interactive checks by executing commands against running containers.
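As an added example (not Minimus or OpenSCAP code), the script below summarises an XCCDF results file of the kind `oscap xccdf eval --results` writes, listing failed rules by severity and separating out rules that received no automated verdict. The sample document, its rule ids and its target name are constructed placeholders; element names are matched without their namespace so that XCCDF 1.1 and 1.2 files are handled alike.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: rule ids and target name are placeholders, not real STIG rule ids.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo">
    <target>example-image:latest</target>
    <rule-result idref="xccdf_example_rule_A" severity="high"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_B" severity="medium"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_C" severity="high"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_D" severity="low"><result>notapplicable</result></rule-result>
    <rule-result idref="xccdf_example_rule_E" severity="medium"><result>notchecked</result></rule-result>
  </TestResult>
</Benchmark>
"""

# Results with no automated verdict: they need manual review, not a silent pass.
UNRESOLVED = {"notchecked", "unknown", "error"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 documents parse alike."""
    return tag.rsplit("}", 1)[-1]

def summarise(xml_text):
    """Return result counts, failed rules (highest severity first) and rules to review."""
    root = ET.fromstring(xml_text)
    counts, failed, review = Counter(), [], []
    for el in root.iter():
        if local(el.tag) != "rule-result":
            continue
        # A rule-result without a <result> child is treated as "unknown".
        result = next(((c.text or "").strip() for c in el if local(c.tag) == "result"), "unknown")
        counts[result] += 1
        entry = (el.get("severity", "unknown"), el.get("idref", ""))
        if result == "fail":
            failed.append(entry)
        elif result in UNRESOLVED:
            review.append(entry)
    failed.sort(key=lambda e: (SEVERITY_ORDER.get(e[0], 3), e[1]))
    return {"counts": dict(counts), "failed": failed, "needs_review": review}

if __name__ == "__main__":
    report = summarise(SAMPLE_RESULTS)
    print(report["counts"])
    for severity, rule in report["failed"] + report["needs_review"]:
        print(f"[{severity}] {rule}")
```
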