Some test could be tested in two ways

[yoavrotems]

Some test has two ways to test them in CIS, for example test 2.12:

Run docker info and ensure that the Logging Driverproperty set as appropriate. docker info --format '{{ .LoggingDriver }}' Alternatively, the below command would give you the --log-driver setting. If configured you should ensure that it is set appropriately. ps -ef | grep dockerd The contents of /etc/docker/daemon.json should also be reviewed for this setting.

When using the second way we can encounter some false negative, when test was remediated but not shown on ps dockerd. Other test we should change are: 2.12 2.13 Possibly 2.17