From 7c8b3f5778cabbd9b71da7e5ff574493307ac1ca Mon Sep 17 00:00:00 2001
From: Andrew Weiss <anweiss@docker.com>
Date: Mon, 31 Jul 2017 13:03:32 -0400
Subject: [PATCH] update docs and script

---
 docs/compliance/reference/800-53/AC.md     | 533 ++++++++++++--------
 docs/compliance/reference/800-53/AU.md     | 537 +++++++++++++--------
 docs/compliance/reference/800-53/CA.md     |  13 +-
 docs/compliance/reference/800-53/CM.md     | 268 ++++++----
 docs/compliance/reference/800-53/CP.md     |  24 +-
 docs/compliance/reference/800-53/IA.md     | 145 +++---
 docs/compliance/reference/800-53/RA.md     |  42 +-
 docs/compliance/reference/800-53/SA.md     |  20 +-
 docs/compliance/reference/800-53/SC.md     |  87 ++--
 docs/compliance/reference/800-53/SI.md     |  25 +-
 docs/generator/generator.go                |  17 +-
 docs/generator/tmpl/80053.tmpl             |  11 +-
 opencontrol/components/eNZi/component.yaml |   3 -
 13 files changed, 1072 insertions(+), 653 deletions(-)

diff --git a/docs/compliance/reference/800-53/AC.md b/docs/compliance/reference/800-53/AC.md
index 8f1854d..4bd9244 100644
--- a/docs/compliance/reference/800-53/AC.md
+++ b/docs/compliance/reference/800-53/AC.md
@@ -44,11 +44,11 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskjg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmte0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskjg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmte0" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of
 this control, one can control which users and teams are allowed to
 create and manipulate Docker Enterprise Edition resources. By default, no one
@@ -56,14 +56,14 @@ can make changes to the cluster. Permissions can be granted and
 managed to enforce fine-grained access control. Supporting
 documentation can found at the following resources:
 
-UCP:
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
 
-DTR:
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
 
+</ul>
 </div>
 </div>
 
@@ -118,18 +118,22 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskk0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmteg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskk0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmteg" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, an external identity management system (such as Microsoft&#39;s
 Active Directory or an LDAP endpoint) can be configured as mandated by
 this control and can be integrated with Docker Enterprise Edition.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -169,36 +173,48 @@ The organization employs automated mechanisms to support the management of infor
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskkg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskl0">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disklg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtf0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtfg">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtg0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskkg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtf0" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, supporting documentation for managing users and teams can
 found at the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-users/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-teams/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-users/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-teams/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/create-and-manage-teams/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskl0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtfg" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, supporting documentation for managing users and teams can
 found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-users/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-teams/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-users/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-teams/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/create-and-manage-teams/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disklg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtg0" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, an external identity management system (such as Microsoft&#39;s
 Active Directory or an LDAP endpoint) can be configured as mandated by
 this control and can be integrated with Docker Enterprise Edition.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -228,11 +244,11 @@ The information system automatically [Selection: removes; disables] temporary an
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskm0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtgg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskm0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtgg" class="tab-pane fade in active">
 Using Docker Enterprise Edition&#39;s LDAP integration capabilities, one
 can disable and/or remove temporary and emergency accounts in a
 connected directory service (such as Active Directory) after an
@@ -240,7 +256,11 @@ organization-defined time period. When a user is removed from LDAP,
 that user becomes inactive after the LDAP synchronization runs.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -270,18 +290,22 @@ The information system automatically disables inactive accounts after [Assignmen
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskmg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmth0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskmg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmth0" class="tab-pane fade in active">
 Using Docker Enterprise Edition&#39;s LDAP integration capabilities, one
 can automatically disable inactive accounts in a connected directory
 service (such as Active Directory). When a user is removed from LDAP,
 that user becomes inactive after the LDAP synchronization runs.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/external-auth/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -311,11 +335,11 @@ The information system automatically audits account creation, modification, enab
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskn0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmthg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskn0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmthg" class="tab-pane fade in active">
 Docker Enterprise Edition logs various authentication and
 authorization events to standard log files. One can configure Docker
 Enterprise Edition to direct these event logs to a remote logging
@@ -326,9 +350,13 @@ service&#39;s logging mechanisms for auditing the events defined by this
 control. Supporting documentation can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -358,11 +386,11 @@ The organization requires that users log out when [Assignment: organization-defi
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskng">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmti0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskng" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmti0" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, Docker Enterprise Edition can be configured to enforce automated
 session termination of users after an organization-defined time period
@@ -370,6 +398,7 @@ of inactivity. By default, the initial lifetime of a user&#39;s session
 is set to 72 hours and the renewal session for a user&#39;s session is
 set to 24 hours. These values can both be changed in the &#34;Auth&#34;
 section of the &#34;Admin Settings&#34; in Universal Control Plane.
+</ul>
 </div>
 </div>
 
@@ -424,27 +453,35 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disko0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskog">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskp0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtig">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtj0">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtjg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disko0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtig" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, supporting documentation can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskog" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtj0" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, supporting documentation can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskp0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtjg" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, Docker Enterprise Edition supports various levels of user
 permissions and role-based access control enforcements. Administrator
@@ -455,13 +492,15 @@ cluster. Supporting documentation can be found at the following
 resources:
 
 UCP:
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Identity_Management
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC
 
-DTR:
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Identity_Management">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Identity_Management</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -501,14 +540,15 @@ The organization only permits the use of shared/group accounts that meet [Assign
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskpg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtk0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskpg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtk0" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, users and/or groups synchronized to Docker Enterprise Edition
 via LDAP can be configured at the directory service.
+</ul>
 </div>
 </div>
 
@@ -538,13 +578,14 @@ The information system terminates shared/group account credentials when members
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskq0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtkg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskq0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtkg" class="tab-pane fade in active">
 Users and/or groups synchronized to Docker Enterprise Edition via
 LDAP can be configured at the directory service.
+</ul>
 </div>
 </div>
 
@@ -574,14 +615,15 @@ The information system enforces [Assignment: organization-defined circumstances
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskqg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtl0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskqg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtl0" class="tab-pane fade in active">
 Information system accounts synchronized to Docker Enterprise Edition
 via LDAP can be configured at the directory service to meet this
 requirement as necessary.
+</ul>
 </div>
 </div>
 
@@ -630,48 +672,60 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskr0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskrg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disks0">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disksg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtlg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtm0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtmg">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtn0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskr0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtlg" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, supporting documentation can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskrg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtm0" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, Docker Enterprise Edition can be configured to aggregate
 container and daemon events via a number of logging drivers.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/view_container_logs/
-- https://docs.docker.com/engine/admin/logging/overview/
-- https://docs.docker.com/engine/admin/logging/log_tags/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/view_container_logs/">https://docs.docker.com/engine/admin/logging/view_container_logs/</a></li>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+<li><a href="https://docs.docker.com/engine/admin/logging/log_tags/">https://docs.docker.com/engine/admin/logging/log_tags/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disks0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtmg" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, Universal Control Plane can be configured to send system
 account log data to a remote logging service such as an Elasticsearch,
 Logstash and Kibana (ELK) stack. Supporting documentation can be found
 at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/monitor-and-troubleshoot/troubleshoot-with-logs/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disksg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtn0" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, when Docker Enterprise Edition is configured for LDAP
 integration, one can refer to the directory service&#39;s existing
 monitoring tools.
+</ul>
 </div>
 </div>
 
@@ -701,14 +755,15 @@ The organization disables accounts of users posing a significant risk within [As
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskt0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtng">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskt0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtng" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, users and/or groups synchronized to Docker Enterprise Edition
 via LDAP can be managed at the directory service.
+</ul>
 </div>
 </div>
 
@@ -748,41 +803,50 @@ The information system enforces approved authorizations for logical access to in
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disktg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disku0">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskug">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmto0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtog">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtp0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disktg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmto0" class="tab-pane fade in active">
 One can control which users and teams can create and manipulate
 Docker Trusted Registry resources. By default, no one can make changes
 to the cluster. Permissions can be granted and managed to enforce
 fine-grained access control. Supporting documentation can be found at
 the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disku0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtog" class="tab-pane fade">
 One can control which users and teams can create and manipulate
 Universal Control Plane resources. By default, no one can make changes
 to the cluster. Permissions can be granted and managed to enforce
 fine-grained access control. Supporting documentation can be found at
 the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskug" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtp0" class="tab-pane fade">
 One can control which users and teams can create and manipulate
 Docker Enterprise Edition resources. By default, no one can make
 changes to the cluster. Permissions can be granted and managed to
 enforce fine-grained access control. The eNZi component facilitates
 authorizations as dictated by the system&#39;s administrators.
+</ul>
 </div>
 </div>
 
@@ -926,42 +990,53 @@ The information system enforces approved authorizations for controlling the flow
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000diskv0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000diskvg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl00">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtpg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtq0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtqg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000diskv0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtpg" class="tab-pane fade in active">
 Supporting documentation to configure Docker Trusted Registry to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/">https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000diskvg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtq0" class="tab-pane fade">
 Docker Enterprise Edition can be configured to control the flow of information
 that originates from applications running in containers. Supporting
 documentation can be found at the following resources:
 
-- https://docs.docker.com/engine/userguide/networking/
-- http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks
 
+<ul>
+<li><a href="https://docs.docker.com/engine/userguide/networking/">https://docs.docker.com/engine/userguide/networking/</a></li>
+<li><a href="http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks">http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disl00" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtqg" class="tab-pane fade">
 Supporting documentation to configure Universal Control Plane to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/">https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1071,48 +1146,54 @@ The information system enforces information flow control using [Assignment: orga
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl0g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl10">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl1g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtr0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtrg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmts0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl0g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtr0" class="tab-pane fade in active">
 Supporting documentation to configure Docker Trusted Registry to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/">https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disl10" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtrg" class="tab-pane fade">
 Docker Enterprise Edition can be configured to control the flow of
 information that originates from applications running in containers
 per organization-defined security policy filters. Supporting
 documentation can be found at the following resources:
 
-- https://docs.docker.com/engine/userguide/networking/
-- http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks
 
-There are also third-party behavioral activity monitoring tools (e.g.
-Sysdig Falco &lt;http://www.sysdig.org/falco/&gt;) that can be used
-alongside Docker Enterprise Edition to satisfy this control&#39;s
-requirements.
+<ul>
+<li><a href="https://docs.docker.com/engine/userguide/networking/">https://docs.docker.com/engine/userguide/networking/</a></li>
+<li><a href="http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks">http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks</a></li>
 
+</ul>
 </div>
-<div id="b5vapgj5uce000disl1g" class="tab-pane fade">
+<div id="b5vm46pllv0000avmts0" class="tab-pane fade">
 Supporting documentation to configure Universal Control Plane to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/">https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1262,42 +1343,53 @@ The information system separates information flows logically or physically using
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl20">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl2g">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl30">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtsg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtt0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmttg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl20" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtsg" class="tab-pane fade in active">
 Supporting documentation to configure Docker Trusted Registry to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/">https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disl2g" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtt0" class="tab-pane fade">
 Docker Enterprise Edition can be configured to separate the flow of
 information that originates from applications running in containers.
 Supporting documentation can be found at the following resources:
 
-- https://docs.docker.com/engine/userguide/networking/
-- http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks
 
+<ul>
+<li><a href="https://docs.docker.com/engine/userguide/networking/">https://docs.docker.com/engine/userguide/networking/</a></li>
+<li><a href="http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks">http://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disl30" class="tab-pane fade">
+<div id="b5vm46pllv0000avmttg" class="tab-pane fade">
 Supporting documentation to configure Universal Control Plane to meet
 the requirements of this control can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/">https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/install/system-requirements/#/ports-used</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Universal_Control_Plane_2.0_Service_Discovery_and_Load_Balancing</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#Infrastructure_Considerations</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Networking</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1347,12 +1439,12 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl3g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl40">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtu0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmtug">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl3g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtu0" class="tab-pane fade in active">
 To assist the organization in meeting the requirements of this
 control, one can control which users and teams can create and
 manipulate Docker Trusted Registry resources. By default, no one can
@@ -1360,11 +1452,15 @@ make changes to the cluster. Permissions can be granted and managed to
 enforce fine-grained access control. Supporting documentation can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC</a></li>
+
+</ul>
 </div>
-<div id="b5vapgj5uce000disl40" class="tab-pane fade">
+<div id="b5vm46pllv0000avmtug" class="tab-pane fade">
 To assist the organization in meeting the requirements of this
 control, one can control which users and teams can create and
 manipulate Universal Control Plane resources. By default, no one can
@@ -1372,10 +1468,14 @@ make changes to the cluster. Permissions can be granted and managed to
 enforce fine-grained access control. Supporting documentation can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources
-- https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Docker_Datacenter_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources</a></li>
+<li><a href="https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC">https://success.docker.com/KBase/Docker_Reference_Architecture%3A_Securing_Docker_Datacenter_and_Security_Best_Practices#RBAC</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1489,11 +1589,11 @@ The information system prevents [Assignment: organization-defined software] from
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl4g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtv0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl4g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtv0" class="tab-pane fade in active">
 Universal Control Plane users can be assigned to one of a number of
 different permission levels. The permission level assigned to a
 specific user determines that user&#39;s ability to execute certain
@@ -1507,7 +1607,11 @@ required privileged access to the host. Additional documentation
 regarding the various permission levels within UCP can be found at the
 following resource:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1537,11 +1641,11 @@ The information system audits the execution of privileged functions.
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl50">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmtvg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl50" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmtvg" class="tab-pane fade in active">
 Docker Enterprise Edition logs privileged user events to standard log
 files. One can configure Docker Enterprise Edition to direct these
 event logs to a remote logging service such as an Elasticsearch,
@@ -1551,8 +1655,12 @@ can refer the the directory service&#39;s logging mechanisms for auditing
 the events defined by this control. Supporting documentation regarding
 logging and monitoring can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.0/guides/monitor/
-- https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/configure-logs/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.0/guides/monitor/">https://docs.docker.com/datacenter/ucp/2.0/guides/monitor/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/configure-logs/">https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/configure-logs/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1582,20 +1690,24 @@ The information system prevents non-privileged users from executing privileged f
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl5g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu00">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl5g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu00" class="tab-pane fade in active">
 One can control which users and teams can create and manipulate
 Docker Enterprise Edition resources. By default, no one can make changes to
 the cluster. Permissions can be granted and managed to enforce
 fine-grained access control. Supporting documentation for the configuration of this functionality can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/
-- https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/
-- https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/permission-levels/
-- https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/permission-levels/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/">https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/">https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/permission-levels/">https://docs.docker.com/datacenter/ucp/2.0/guides/user-management/permission-levels/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/permission-levels/">https://docs.docker.com/datacenter/dtr/2.1/guides/user-management/permission-levels/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1629,11 +1741,11 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl60">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu0g">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl60" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu0g" class="tab-pane fade in active">
 When Docker Enterprise Edition is integrated to a directory service via LDAP,
 one can reference the functionality of the directory service to
 configure the enforcement of a limit to the number of conesecutive
@@ -1642,6 +1754,7 @@ via LDAP, one can reference the functionality of the directory service
 to configure he ability to automatically lock/disable an account for a
 specified period of time after a consecutive invalid logon attempt
 limit is reached.
+</ul>
 </div>
 </div>
 
@@ -1759,15 +1872,16 @@ The information system limits the number of concurrent sessions for each [Assign
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl6g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu10">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl6g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu10" class="tab-pane fade in active">
 Docker Enterprise Edition can be configured to limit the number of
 concurrent sessions for each account. These options can be found
 within the Universal Control Plane Admin Settings under the &#34;Auth&#34;
 section. 
+</ul>
 </div>
 </div>
 
@@ -1801,17 +1915,18 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl70">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu1g">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl70" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu1g" class="tab-pane fade in active">
 Per the requirements of AC-2 (5), Docker Enterprise Edition
 can be configured to enforce user session lifetime limits and renewal
 thresholds. These options can be found within the Universal Control
 Plane Admin Settings under the &#34;Auth&#34; section. Configurable options
 include the initial lifetime (in hours) of a user&#39;s session and the
 renewal threshold of a session (in hours).
+</ul>
 </div>
 </div>
 
@@ -1841,11 +1956,11 @@ The information system conceals, via the session lock, information previously vi
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl7g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu20">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl7g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu20" class="tab-pane fade in active">
 Per the requirements of AC-2 (5), Docker Enterprise Edition
 can be configured to enforce user session lifetime limits and renewal
 thresholds. These options can be found within the Universal Control
@@ -1854,6 +1969,7 @@ include the initial lifetime (in hours) of a user&#39;s session and the
 renewal threshold of a session (in hours). Upon the expiration of the
 configured session thresholds, a user will be locked out of his/her
 session.
+</ul>
 </div>
 </div>
 
@@ -1883,11 +1999,11 @@ The information system automatically terminates a user session after [Assignment
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl80">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu2g">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl80" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu2g" class="tab-pane fade in active">
 Per the requirements of AC-2 (5), Docker Enterprise Edition
 can be configured to enforce user session lifetime limits and renewal
 thresholds. These options can be found within the Universal Control
@@ -1896,6 +2012,7 @@ include the initial lifetime (in hours) of a user&#39;s session and the
 renewal threshold of a session (in hours). Upon the expiration of the
 configured session thresholds, a user will be locked out of his/her
 session.
+</ul>
 </div>
 </div>
 
@@ -1929,13 +2046,14 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl8g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu30">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl8g" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu30" class="tab-pane fade in active">
 Universal Control Plane includes a logout capability that allows a
 user to terminate his/her current session.
+</ul>
 </div>
 </div>
 
@@ -2114,21 +2232,23 @@ The information system monitors and controls remote access methods.
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disl90">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disl9g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu3g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu40">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disl90" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu3g" class="tab-pane fade in active">
 Docker Enterprise Edition logs and controls all local and remote
 access events. In addition, auditing can be configured on the
 underlying operating system to meet this control.
 
+</ul>
 </div>
-<div id="b5vapgj5uce000disl9g" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu40" class="tab-pane fade">
 Docker Enterprise Edition logs and controls all local and remote access
 events. In addition, auditing can be configured on the underlying
 operating system to meet this control.
+</ul>
 </div>
 </div>
 
@@ -2168,34 +2288,37 @@ The information system implements cryptographic mechanisms to protect the confid
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disla0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000dislag">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000dislb0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu4g">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu50">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu5g">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disla0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu4g" class="tab-pane fade in active">
 All remote access sessions to Docker Trusted Registry are protected
 with Transport Layer Security (TLS) 1.2. This is included at both the
 HTTPS application layer for access to the DTR user interface and for
 command-line based connections to the registry. In addition to this,
 all communication to DTR is enforced by way of two-way mutual TLS
 authentication.
+</ul>
 </div>
-<div id="b5vapgj5uce000dislag" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu50" class="tab-pane fade">
 All remote access sessions to Docker Enterprise Edition are protected
 with Transport Layer Security (TLS) 1.2. In addition to this, all
 communication to Docker Enterprise Edition is enforced by way of
 two-way mutual TLS authentication.
 
+</ul>
 </div>
-<div id="b5vapgj5uce000dislb0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu5g" class="tab-pane fade">
 All remote access sessions to Universal Control Plane are protected
 with Transport Layer Security (TLS) 1.2. This is included at both the
 HTTPS application layer for access to the UCP user interface and for
 command-line based connections to the cluster. In addition to this,
 all communication to UCP is enforced by way of two-way mutual TLS
 authentication.
+</ul>
 </div>
 </div>
 
@@ -2235,30 +2358,33 @@ The information system routes all remote accesses through [Assignment: organizat
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000dislbg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000dislc0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000dislcg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu60">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu6g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu70">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000dislbg" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu60" class="tab-pane fade in active">
 A combination of managed load balancers, firewalls and access control
 lists, and virtual networking resources can be used to ensure traffic
 destined for Docker Trusted Registry replicas is routed through
 managed network access control points.
+</ul>
 </div>
-<div id="b5vapgj5uce000dislc0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu6g" class="tab-pane fade">
 A combination of managed load balancers, firewalls and access control
 lists, and virtual networking resources can be used to ensure traffic
 destined for Docker Enterprise Edition is routed through managed network access
 control points.
 
+</ul>
 </div>
-<div id="b5vapgj5uce000dislcg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu70" class="tab-pane fade">
 A combination of managed load balancers, firewalls and access control
 lists, and virtual networking resources can be used to ensure traffic
 destined for Universal Control Plane managers and worker nodes is
 routed through managed network access control points.
+</ul>
 </div>
 </div>
 
@@ -2322,20 +2448,21 @@ The organization provides the capability to expeditiously disconnect or disable
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgj5uce000disld0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disldg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgj5uce000disle0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm46pllv0000avmu7g">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu80">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm46pllv0000avmu8g">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgj5uce000disld0" class="tab-pane fade in active">
+<div id="b5vm46pllv0000avmu7g" class="tab-pane fade in active">
 Built-in firewall technology in Docker Trusted Registry&#39;s underlying
 operating system can be used to force the disconnection of remote
 connections to the host. In addition, UCP slave nodes running Docker
 Trusted Registry replicas can be paused or drained, which subsequently
 stops sessions to the DTR replica.
+</ul>
 </div>
-<div id="b5vapgj5uce000disldg" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu80" class="tab-pane fade">
 Built-in firewall technology in Docker Enterprise Edition&#39;s underlying
 operating system can be used to force the disconnection of remote
 connections to the host. In addition, Docker Enterprise Edition provides the
@@ -2344,14 +2471,16 @@ stops and/or removes sessions to the node. Individual services and/or
 applications running on Docker Enterprise Edition can also be stopped and/or
 removed.
 
+</ul>
 </div>
-<div id="b5vapgj5uce000disle0" class="tab-pane fade">
+<div id="b5vm46pllv0000avmu8g" class="tab-pane fade">
 Built-in firewall technology in Universal Control Plane&#39;s underlying
 operating system can be used to force the disconnection of remote
 connections to the host. In addition, UCP provides the option to pause
 or drain a node in the cluster, which subsequently stops and/or
 removes sessions to the node. Individual services and/or applications
 running on a UCP cluster can also be stopped and/or removed.
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/AU.md b/docs/compliance/reference/800-53/AU.md
index dc6794d..ed57c10 100644
--- a/docs/compliance/reference/800-53/AU.md
+++ b/docs/compliance/reference/800-53/AU.md
@@ -70,21 +70,25 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disleg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislf0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislfg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmu90">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmu9g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmua0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disleg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmu90" class="tab-pane fade in active">
 All of the event types indicated by this control are logged by a
 combination of the backend ucp-controller service within Universal
 Control Plane and the backend services that make up Docker Trusted
 Registry. Additional documentation can be found at the following resource:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/monitor-and-troubleshoot/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislf0" class="tab-pane fade">
+<div id="b5vm471llv0000avmu9g" class="tab-pane fade">
 Both Universal Control Plane and Docker Trusted Registry backend
 service containers, all of which reside on Docker Enterprise Edition,
 log all of the event types indicated by this control (as explained by
@@ -93,17 +97,24 @@ that reside on Docker Enterprise Edition can be configured to log data
 via an appropriate Docker logging driver. Instructions for configuring
 logging drivers can be found at the following resource:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislfg" class="tab-pane fade">
+<div id="b5vm471llv0000avmua0" class="tab-pane fade">
 All of the event types indicated by this control are logged by the
 backend ucp-controller service within Universal Control Plane. In
 addition, each container created on a Universal Control Plane cluster
 logs event data. Supporting documentation for configuring UCP logging
 can be referenced at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -158,14 +169,14 @@ The information system generates audit records containing information that estab
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislg0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislgg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislh0">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislhg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuag">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmub0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmubg">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuc0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislg0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuag" class="tab-pane fade in active">
 Docker Trusted Registry generates all of the audit record information
 indicated by this control. A sample audit event has been provided
 below:
@@ -174,8 +185,9 @@ below:
 based auth
 suceeded&#34;,&#34;remote_addr&#34;:&#34;192.168.33.1:55905&#34;,&#34;time&#34;:&#34;2016-11-09T22:41:01Z&#34;,&#34;type&#34;:&#34;auth
 ok&#34;,&#34;username&#34;:&#34;dockeruser&#34;}
+</ul>
 </div>
-<div id="b5vapgr5uce000dislgg" class="tab-pane fade">
+<div id="b5vm471llv0000avmub0" class="tab-pane fade">
 Both Universal Control Plane and Docker Trusted Registry are
 pre-configured to take advantage of Docker Enterprise Edition&#39;s
 built-in logging mechanisms. A sample audit event recorded by Docker
@@ -188,10 +200,13 @@ ok&#34;,&#34;username&#34;:&#34;dockeruser&#34;}
 
 Additional documentation can be referenced at the following resource:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislh0" class="tab-pane fade">
+<div id="b5vm471llv0000avmubg" class="tab-pane fade">
 Universal Control Plane generates all of the audit record information
 indicated by this control. A sample audit event has been provided
 below:
@@ -200,8 +215,9 @@ below:
 based auth
 suceeded&#34;,&#34;remote_addr&#34;:&#34;192.168.33.1:55905&#34;,&#34;time&#34;:&#34;2016-11-09T22:41:01Z&#34;,&#34;type&#34;:&#34;auth
 ok&#34;,&#34;username&#34;:&#34;dockeruser&#34;}
+</ul>
 </div>
-<div id="b5vapgr5uce000dislhg" class="tab-pane fade">
+<div id="b5vm471llv0000avmuc0" class="tab-pane fade">
 Docker Enterprise Edition generates all of the audit record
 information indicated by this control. A sample audit event has been
 provided below:
@@ -210,6 +226,7 @@ provided below:
 based auth
 suceeded&#34;,&#34;remote_addr&#34;:&#34;192.168.33.1:55905&#34;,&#34;time&#34;:&#34;2016-11-09T22:41:01Z&#34;,&#34;type&#34;:&#34;auth
 ok&#34;,&#34;username&#34;:&#34;dockeruser&#34;}
+</ul>
 </div>
 </div>
 
@@ -249,13 +266,13 @@ The information system generates audit records containing the following addition
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disli0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislig">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislj0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmucg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmud0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmudg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disli0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmucg" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -263,26 +280,37 @@ logging stack can subsequently be used to interpolate the information
 defined by this control from the logged audit records. Additional
 information can be found at the following resource:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislig" class="tab-pane fade">
+<div id="b5vm471llv0000avmud0" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can subsequently be used to interpolate the information defined
 by this control from the logged audit records. Additional
 documentation can be found at the following resource:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislj0" class="tab-pane fade">
+<div id="b5vm471llv0000avmudg" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be used to
 interpolate the information defined by this control from the logged
 audit records. Additional documentation can be found at the following
 resource:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -322,13 +350,13 @@ The information system provides centralized management and configuration of the
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disljg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislk0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislkg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmue0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmueg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuf0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disljg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmue0" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -336,26 +364,37 @@ logging stack can subsequently be used to interpolate the information
 defined by this control from the logged audit records. Additional
 information can be found at the following resource:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislk0" class="tab-pane fade">
+<div id="b5vm471llv0000avmueg" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can subsequently be used to interpolate the information defined
 by this control from the logged audit records. Additional
 documentation can be found at the following resource:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislkg" class="tab-pane fade">
+<div id="b5vm471llv0000avmuf0" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be used to
 interpolate the information defined by this control from the logged
 audit records. Additional documentation can be found at the following
 resource:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -419,13 +458,13 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disll0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000disllg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislm0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmufg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmug0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmugg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disll0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmufg" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -433,9 +472,13 @@ logging stack can subsequently be configured to alert individuals in
 the event of log processing failures. Additional information can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000disllg" class="tab-pane fade">
+<div id="b5vm471llv0000avmug0" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can be used to interpolate the information defined by this
@@ -443,16 +486,23 @@ control and also be configured to alert on any audit processing
 failures. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislm0" class="tab-pane fade">
+<div id="b5vm471llv0000avmugg" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be configured to
 alert individuals in the event of log processing failures. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -492,13 +542,13 @@ The information system provides a warning to [Assignment: organization-defined p
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislmg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000disln0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislng">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuh0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuhg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmui0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislmg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuh0" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -506,25 +556,36 @@ logging stack can subsequently be configured to warn the organization
 when the allocated log storage is full. Additional information can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000disln0" class="tab-pane fade">
+<div id="b5vm471llv0000avmuhg" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can subsequently be configured to warn the organization when the
 allocated log storage is full. Additional information can be found at
 the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislng" class="tab-pane fade">
+<div id="b5vm471llv0000avmui0" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be configured to
 warn the organization when the allocated log storage is full.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -564,13 +625,13 @@ The information system provides an alert in [Assignment: organization-defined re
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislo0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislog">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislp0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuig">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuj0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmujg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislo0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuig" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -578,25 +639,36 @@ logging stack can subsequently be configured to warn the organization
 when audit log failures occur. Additional information can be found at
 the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislog" class="tab-pane fade">
+<div id="b5vm471llv0000avmuj0" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack.  The
 logging stack can subsequently be configured to warn the organization
 when audit log failures occur. Additional information can be found at
 the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislp0" class="tab-pane fade">
+<div id="b5vm471llv0000avmujg" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be configured to
 warn the organization when audit log failures occur. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -690,13 +762,13 @@ The information system provides the capability to centrally review and analyze a
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislpg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislq0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislqg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuk0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmukg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmul0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislpg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuk0" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -704,25 +776,36 @@ organization can subsequently centrally review and analyze all of the
 Docker EE audit records. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislq0" class="tab-pane fade">
+<div id="b5vm471llv0000avmukg" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The
 organization can subsequently centrally review and analyze all of the
 Docker EE audit records. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislqg" class="tab-pane fade">
+<div id="b5vm471llv0000avmul0" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The organization can subsequently centrally review and
 analyze all of the Docker EE audit records. Additional information can
 be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -826,13 +909,13 @@ The information system provides an audit reduction and report generation capabil
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislr0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislrg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000disls0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmulg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmum0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmumg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislr0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmulg" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -840,33 +923,44 @@ logging stack can subsequently be used to facilitate the audit
 reduction and report generation requirements of this control.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/The underlying operating system chosen to support Docker Trusted
+The underlying operating system chosen to support Docker Trusted
 Registry should be certified to ensure that logs are not altered
 during generation and transmission to a remote logging stack.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislrg" class="tab-pane fade">
+<div id="b5vm471llv0000avmum0" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can subsequently be used to facilitate the audit reduction and
 report generation requirements of this control. Additional information
 can be found at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 The underlying operating system chosen to support Docker Enterprise
 Edition should be certified to ensure that logs are not altered during
 generation and transmission to a remote logging stack.
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000disls0" class="tab-pane fade">
+<div id="b5vm471llv0000avmumg" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be used to
 facilitate the audit reduction and report generation requirements of
 this control. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/The underlying operating system chosen to support Universal Control
+The underlying operating system chosen to support Universal Control
 Plane should be certified to ensure that logs are not altered during
 generation and transmission to a remote logging stack.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -906,13 +1000,13 @@ The information system provides the capability to process audit records for even
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislsg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislt0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000disltg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmun0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmung">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuo0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislsg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmun0" class="tab-pane fade in active">
 Universal Control Plane can be configured to log data to a remote
 logging stack, which in turn, sends the Docker Trusted Registry
 backend container audit records to the remote logging stack. The
@@ -920,25 +1014,36 @@ logging stack can subsequently be configured to parse information by
 organization-defined audit fields. Additional information can be found
 at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dislt0" class="tab-pane fade">
+<div id="b5vm471llv0000avmung" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. The logging
 stack can subsequently be configured to parse information by
 organization-defined audit fields. Additional information can be found
 at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000disltg" class="tab-pane fade">
+<div id="b5vm471llv0000avmuo0" class="tab-pane fade">
 Universal Control Plane can be configured to log data to a remote
 logging stack. The logging stack can subsequently be configured to
 parse information by organization-defined audit fields. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -992,20 +1097,21 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislu0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislug">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dislv0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuog">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmup0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmupg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislu0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuog" class="tab-pane fade in active">
 Docker Trusted Registry uses the system clock of the underlying
 operating system on which it runs. This behavior cannot be modified.The underlying operating system on which Docker Trusted Registry runs
 should be configured such that its system clock uses Coordinated
 Universal Time (UTC) as indicated by this control. Refer to the
 operating system&#39;s instructions for doing so.
+</ul>
 </div>
-<div id="b5vapgr5uce000dislug" class="tab-pane fade">
+<div id="b5vm471llv0000avmup0" class="tab-pane fade">
 Docker Enterprise Edition uses the system clock of the underlying
 operating system on which it runs. This behavior cannot be modified.
 The underlying operating system on which Docker Enterprise Edition
@@ -1013,13 +1119,15 @@ runs should be configured such that its system clock uses Coordinated
 Universal Time (UTC) as indicated by this control. Refer to the
 operating system&#39;s instructions for doing so.
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dislv0" class="tab-pane fade">
+<div id="b5vm471llv0000avmupg" class="tab-pane fade">
 Universal Control Plane uses the system clock of the underlying
 operating system on which it runs. This behavior cannot be modified.The underlying operating system on which Universal Control Plane runs
 should be configured such that its system clock uses Coordinated
 Universal Time (UTC) as indicated by this control. Refer to the
 operating system&#39;s instructions for doing so.
+</ul>
 </div>
 </div>
 
@@ -1063,13 +1171,13 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dislvg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism00">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism0g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuq0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuqg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmur0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dislvg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuq0" class="tab-pane fade in active">
 The underlying operating system on which Docker Trusted Registry runs
 should be configured such that its system clock compares itself with
 an authoritative time source as indicated by this control. This can be
@@ -1081,8 +1189,9 @@ any time the time difference exceeds that of the organization-defined
 time period. This can be accomplished by utilizing the Network Time
 Protocol (NTP). Refer to the operating system&#39;s instructions for doing
 so.
+</ul>
 </div>
-<div id="b5vapgr5uce000dism00" class="tab-pane fade">
+<div id="b5vm471llv0000avmuqg" class="tab-pane fade">
 The underlying operating system on which Docker Enterprise Edition runs should
 be configured such that its system clock compares itself with an
 authoritative time source as indicated by this control. This can be
@@ -1096,8 +1205,9 @@ organization-defined time period. This can be accomplished by
 utilizing the Network Time Protocol (NTP). Refer to the operating
 system&#39;s instructions for doing so.
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dism0g" class="tab-pane fade">
+<div id="b5vm471llv0000avmur0" class="tab-pane fade">
 The underlying operating system on which Universal Control Plane runs
 should be configured such that its system clock compares itself with
 an authoritative time source as indicated by this control. This can be
@@ -1109,6 +1219,7 @@ any time the time difference exceeds that of the organization-defined
 time period. This can be accomplished by utilizing the Network Time
 Protocol (NTP). Refer to the operating system&#39;s instructions for doing
 so.
+</ul>
 </div>
 </div>
 
@@ -1158,13 +1269,13 @@ The information system protects audit information and audit tools from unauthori
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism10">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism1g">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism20">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmurg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmus0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmusg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism10" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmurg" class="tab-pane fade in active">
 By default, Docker Trusted Registry is configured to use the
 underlying logging capabilities of Docker Enterprise Edition. As such,
 on the underlying Linux operating system, only root and sudo users and
@@ -1175,8 +1286,9 @@ of the system should it be decided that logs be sent to a remote
 logging stack. In this case, the organization is responsible for
 configuring the remote logging stack per the provisions of this
 control.
+</ul>
 </div>
-<div id="b5vapgr5uce000dism1g" class="tab-pane fade">
+<div id="b5vm471llv0000avmus0" class="tab-pane fade">
 On the underlying Linux operating system supporting Docker Enterprise
 Edition, only root and sudo users and users that have been added to
 the &#34;docker&#34; group have the ability to access the logs generated by
@@ -1187,16 +1299,13 @@ responsible for configuring the chosen logging stack per the
 provisions of this control. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
-In addition, for Linux operating systems supporting Docker Enterprise
-Edition that use the systemd daemon, it is imperative that the Journal
-is secured per the requirements of this control. The same applies for
-Linux operating systems supporting Docker Enterprise Edition that
-instead use upstart.
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dism20" class="tab-pane fade">
+<div id="b5vm471llv0000avmusg" class="tab-pane fade">
 By default, Universal Control Plane is configured to use the
 underlying logging capabilities of Docker Enterprise Edition. As such,
 on the underlying Linux operating system, only root and sudo users and
@@ -1207,6 +1316,7 @@ of the system should it be decided that logs be sent to a remote
 logging stack. In this case, the organization is responsible for
 configuring the remote logging stack per the provisions of this
 control.
+</ul>
 </div>
 </div>
 
@@ -1256,40 +1366,45 @@ The information system backs up audit records [Assignment: organization-defined
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism2g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism30">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism3g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmut0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmutg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuu0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism2g" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmut0" class="tab-pane fade in active">
 Docker Trusted Registry resides as an Application on a Universal
 Control Plane cluster, acan be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-The logging stack can subsequently be configured to back up audit
-records per the schedule defined by this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism30" class="tab-pane fade">
+<div id="b5vm471llv0000avmutg" class="tab-pane fade">
 Docker Enterprise Edition can be configured to use a logging driver
 that can subsequently meet the backup requirements of this control.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism3g" class="tab-pane fade">
+<div id="b5vm471llv0000avmuu0" class="tab-pane fade">
 Universal Control Plane can be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-The logging stack can subsequently be configured to back up audit
-records per the schedule defined by this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1324,30 +1439,34 @@ The information system implements cryptographic mechanisms to protect the integr
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism40">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism4g">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuug">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmuv0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism40" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuug" class="tab-pane fade in active">
 Docker Trusted Registry resides as an Application on a Universal
 Control Plane cluster, acan be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-The logging stack can subsequently be configured to meet the
-encryption mechanisms required by this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism4g" class="tab-pane fade">
+<div id="b5vm471llv0000avmuv0" class="tab-pane fade">
 Docker Enterprise Edition can be configured to use a logging driver
 that can subsequently meet the encryption mechanisms required by this
 control. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1407,11 +1526,11 @@ The information system protects against an individual (or process acting on beha
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism50">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmuvg">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism50" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmuvg" class="tab-pane fade in active">
 Docker Enterprise Edition includes functionality known as Docker
 Content Trust which allows one to cryptographically sign Docker
 images. It enforces client-side signing and verification of image tags
@@ -1425,8 +1544,11 @@ manipulated; thus supproting the non-repudiation requirements of this
 control. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/engine/security/trust/content_trust/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/security/trust/content_trust/">https://docs.docker.com/engine/security/trust/content_trust/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1518,13 +1640,13 @@ The organization retains audit records for [Assignment: organization-defined tim
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism5g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism60">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism6g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv00">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv0g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv10">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism5g" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv00" class="tab-pane fade in active">
 The organization will be responsible for meeting the requirements of
 this control. To assist with these requirements, Docker Trusted
 Registry resides as an Application on a Universal Control Plane
@@ -1532,31 +1654,36 @@ cluster, and as such, can be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be configured to retain logs for
-the duration required by this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism60" class="tab-pane fade">
+<div id="b5vm471llv0000avmv0g" class="tab-pane fade">
 The organization will be responsible for meeting the requirements of
 this control. To assist with these requirements, Docker Enterprise
 Edition can be configured to use a logging driver that stores data in
 a location for the duration specified by this control. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism6g" class="tab-pane fade">
+<div id="b5vm471llv0000avmv10" class="tab-pane fade">
 The organization will be responsible for meeting the requirements of
 this control. To assist with these requirements, Universal Control
 Plane can be configured to send logs to a remote logging stack.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be configured retain logs for the
-duration required by this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1611,29 +1738,28 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism70">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism7g">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism80">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv1g">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv20">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv2g">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism70" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv1g" class="tab-pane fade in active">
 All of the event types indicated by AU-2 a. are logged by a
 combination of the backend services within Universal Control Plane and
 Docker Trusted Registry. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.1/guides/monitor-troubleshoot/
-
-The underlying Linux operating system supporting DTR can be configured
-to audit Docker-specific events with the auditd daemon. Refer to the
-specific Linux distribution in use for instructions on configuring
-this service.Using auditd on the Linux operating system supporting DTR, the
+Using auditd on the Linux operating system supporting DTR, the
 organization can configure audit rules to select which Docker-specific
 events are to be audited. Refer to the specific Linux distribution in
 use for instructions on configuring this service.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.1/guides/monitor-troubleshoot/">https://docs.docker.com/datacenter/dtr/2.1/guides/monitor-troubleshoot/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism7g" class="tab-pane fade">
+<div id="b5vm471llv0000avmv20" class="tab-pane fade">
 Both Universal Control Plane and Docker Trusted Registry backend
 service containers, all of which reside on Docker Enterprise Edition,
 log all of the event types indicated by this AU-2 a. These and other
@@ -1641,33 +1767,30 @@ application containers that reside on Docker Enterprise Edition can be
 configured to log data via an appropriate Docker logging driver.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
-
-The underlying Linux operating system supporting Docker Enterprise
-Edition can be configured to audit Docker-specific events with the
-auditd daemon. Refer to the specific Linux distribution in use for
-instructions on configuring this service.
 Using auditd on the Linux operating system supporting CS Docker
 Engine, the organization can configure audit rules to select which
 Docker-specific events are to be audited. Refer to the specific Linux
 distribution in use for instructions on configuring this service.
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism80" class="tab-pane fade">
+<div id="b5vm471llv0000avmv2g" class="tab-pane fade">
 All of the event types indicated by AU-2 a. are logged by the backend
 ucp-controller service within Universal Control Plane. In addition,
 each container created on a Universal Control Plane cluster logs event
 data. Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
-
-The underlying Linux operating system supporting UCP can be configured
-to audit Docker-specific events with the auditd daemon. Refer to the
-specific Linux distribution in use for instructions on configuring
-this service.Using auditd on the Linux operating system supporting UCP, the
+Using auditd on the Linux operating system supporting UCP, the
 organization can configure audit rules to select which Docker-specific
 events are to be audited. Refer to the specific Linux distribution in
 use for instructions on configuring this service.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1707,25 +1830,25 @@ The information system compiles audit records from [Assignment: organization-def
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dism8g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism90">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dism9g">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv30">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv3g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv40">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dism8g" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv30" class="tab-pane fade in active">
 Docker Trusted Registry resides as an Application on a Universal
 Control Plane cluster, and as such, can be configured to send logs to
 a remote logging stack. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be used to compile audit records
-in to a system-wide audit trail that is time-correlated per the
-requirements of this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism90" class="tab-pane fade">
+<div id="b5vm471llv0000avmv3g" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. This
 logging stack can subsequently be used to compile audit records in to
@@ -1733,19 +1856,22 @@ a system-wide audit trail that is time-correlated per the requirements
 of this control. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dism9g" class="tab-pane fade">
+<div id="b5vm471llv0000avmv40" class="tab-pane fade">
 Universal Control Plane can be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be used to compile audit records
-in to a system-wide audit trail that is time-correlated per the
-requirements of this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1795,42 +1921,47 @@ The information system provides the capability for [Assignment: organization-def
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disma0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismag">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismb0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv4g">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv50">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmv5g">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disma0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv4g" class="tab-pane fade in active">
 Docker Trusted Registry resides as an Application on a Universal
 Control Plane cluster, and as such, can be configured to send logs to
 a remote logging stack. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be used to meet the requirements
-of this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dismag" class="tab-pane fade">
+<div id="b5vm471llv0000avmv50" class="tab-pane fade">
 Docker Enterprise Edition can be configured with various logging
 drivers to send audit events to an external logging stack. This
 logging stack can subsequently be used to meet the requirements of
 this control. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/engine/admin/logging/overview/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/admin/logging/overview/">https://docs.docker.com/engine/admin/logging/overview/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dismb0" class="tab-pane fade">
+<div id="b5vm471llv0000avmv5g" class="tab-pane fade">
 Universal Control Plane can be configured to send logs to a remote
 logging stack. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/
 
-This logging stack can subsequently be used to meet the requirements
-of this control.
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/store-logs-in-an-external-system/</a></li>
+
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/CA.md b/docs/compliance/reference/800-53/CA.md
index 8d52a15..85a3184 100644
--- a/docs/compliance/reference/800-53/CA.md
+++ b/docs/compliance/reference/800-53/CA.md
@@ -219,20 +219,23 @@ The organization develops a continuous monitoring strategy and implements a cont
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismbg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv60">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismbg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv60" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing Docker
 Enterprise Edition and for helping the organization meet the
 continuous monitoring requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/CM.md b/docs/compliance/reference/800-53/CM.md
index 8b913fb..a12268a 100644
--- a/docs/compliance/reference/800-53/CM.md
+++ b/docs/compliance/reference/800-53/CM.md
@@ -44,20 +44,23 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismc0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv6g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismc0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv6g" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing Docker
 Enterprise Edition and for helping the organization meet the
 configurmation management requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -87,20 +90,23 @@ The organization develops, documents, and maintains under configuration control,
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismcg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv70">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismcg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv70" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing Docker
 Enterprise Edition and for helping the organization meet the
 configurmation management requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -135,20 +141,23 @@ The organization reviews and updates the baseline configuration of the informati
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismd0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv7g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismd0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv7g" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing Docker
 Enterprise Edition and for helping the organization meet the
 configurmation management requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -178,11 +187,11 @@ The organization employs automated mechanisms to maintain an up-to-date, complet
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismdg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv80">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismdg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv80" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing Docker
 Enterprise Edition and for helping the organization meet the
 configurmation management requirements of this control. CIS regularly
@@ -193,10 +202,13 @@ Edition system configuration to ensure that the secure baseline
 configurations have been applied in an automated fashion. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -226,11 +238,11 @@ The organization retains [Assignment: organization-defined previous versions of
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disme0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv8g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disme0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv8g" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 configurmation management requirements of this control. CIS regularly
@@ -242,10 +254,13 @@ configurations have been applied in an automated fashion and can be
 rolled back as required by this control. Additional information can be
 found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -308,20 +323,23 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismeg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv90">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismeg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv90" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 configurmation management change control requirements of this control.
 Additional information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -359,11 +377,11 @@ The organization employs automated mechanisms to:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismf0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmv9g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismf0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmv9g" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 configurmation management change control requirements of this control.
@@ -373,10 +391,13 @@ system configuration to ensure that the secure baseline configurations
 have been applied in an automated fashion. Additional information can
 be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -406,11 +427,11 @@ The organization tests, validates, and documents changes to the information syst
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismfg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmva0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismfg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmva0" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 configurmation management change control requirements of this control.
@@ -420,10 +441,13 @@ system configuration to ensure that the secure baseline configurations
 have been applied in an automated fashion. Additional information can
 be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -483,20 +507,23 @@ The organization ensures that cryptographic mechanisms used to provide [Assignme
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismg0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvag">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismg0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvag" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 cryptography management requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -571,29 +598,37 @@ The information system enforces access restrictions and supports auditing of the
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismgg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismh0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvb0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvbg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismgg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvb0" class="tab-pane fade in active">
 Role-based access control can be configured within Docker Trusted
 Registry to meet the requirements of this control. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Organizations_.E2.80.94_RBAC</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dismh0" class="tab-pane fade">
+<div id="b5vm471llv0000avmvbg" class="tab-pane fade">
 Role-based access control can be configured within Universal Control
 Plane to meet the requirements of this control. Additional information
 can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#RBAC
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#RBAC_and_Managing_Team_Level_Access_to_Resources</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#RBAC">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#RBAC</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -623,20 +658,23 @@ The organization reviews information system changes [Assignment: organization-de
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismhg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvc0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismhg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvc0" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 system change requirements of this control. Additional information can
 be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -676,13 +714,13 @@ The information system prevents the installation of [Assignment: organization-de
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismi0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismig">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismj0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvcg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvd0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvdg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismi0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvcg" class="tab-pane fade in active">
 Docker Content Trust is a capability provided by Docker Enterprise
 Edition that enforces client-side signing and verification of Docker
 image tags. It provides the ability to use digital signatures for data
@@ -696,10 +734,14 @@ When installing Docker Trusted Registry, you should enable Docker
 Content Trust and subsequently pull the the signed DTR image tag.
 Additional information can be found at teh following resources:
 
-- https://docs.docker.com/engine/security/trust/content_trust/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/
+
+<ul>
+<li><a href="https://docs.docker.com/engine/security/trust/content_trust/">https://docs.docker.com/engine/security/trust/content_trust/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/">https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dismig" class="tab-pane fade">
+<div id="b5vm471llv0000avmvd0" class="tab-pane fade">
 Before installing Docker Enterprise Edition, ensure that your
 supporting Linux operating system&#39;s packager manager supports package
 signature verification and that it is enabled. It is also required
@@ -718,10 +760,13 @@ Docker Content Trust in Docker Enterprise Edition you can enforce the
 use of signed Docker images. Additional information can be found at
 the following resources:
 
-- https://docs.docker.com/engine/security/trust/content_trust/
 
+<ul>
+<li><a href="https://docs.docker.com/engine/security/trust/content_trust/">https://docs.docker.com/engine/security/trust/content_trust/</a></li>
+
+</ul>
 </div>
-<div id="b5vapgr5uce000dismj0" class="tab-pane fade">
+<div id="b5vm471llv0000avmvdg" class="tab-pane fade">
 Docker Content Trust is a capability provided by Docker Enterprise Edition
 that enforces client-side signing and verification of Docker image
 tags. It provides the ability to use digital signatures for data sent
@@ -734,9 +779,13 @@ When configuring Universal Control Plane, you should enforce
 applications to only use Docker images signed by trusted UCP users
 within your organization. Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/
-- https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/continuous-integration/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/">https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/">https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/manage-trusted-repositories/</a></li>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/continuous-integration/">https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/continuous-integration/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -826,30 +875,33 @@ The organization employs automated mechanisms to centrally manage, apply, and ve
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismjg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismk0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismkg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmve0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmveg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvf0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismjg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmve0" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements, the organization can
 incorporate the use of an external configuration management system to
 meet the requirements of this control.
+</ul>
 </div>
-<div id="b5vapgr5uce000dismk0" class="tab-pane fade">
+<div id="b5vm471llv0000avmveg" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. The organization can incorporate the use of an external
 configuration management system to meet the requirements of this
 control.
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dismkg" class="tab-pane fade">
+<div id="b5vm471llv0000avmvf0" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
  control. To assist with these requirements, the organization can
  incorporate the use of an external configuration management system to
  meet the requirements of this control.
+</ul>
 </div>
 </div>
 
@@ -927,32 +979,35 @@ The information system prevents program execution in accordance with [Selection
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000disml0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismlg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismm0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvfg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvg0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvgg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000disml0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvfg" class="tab-pane fade in active">
 The organization can define a list of allowed base Docker images and
 make them available via Docker Trusted Registry. The organization can
 also prevent users from being able to pull Docker images from
 untrusted sources.
+</ul>
 </div>
-<div id="b5vapgr5uce000dismlg" class="tab-pane fade">
+<div id="b5vm471llv0000avmvg0" class="tab-pane fade">
 In order to restrict which Docker images can be used to deploy
 applications to Docker Enterprise Edition, the organization must define a list
 of allowed base Docker images and make them available via Docker
 Trusted Registry. The organization must also prevent users from being
 able to pull Docker images from untrusted sources.
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dismm0" class="tab-pane fade">
+<div id="b5vm471llv0000avmvgg" class="tab-pane fade">
 In order to restrict which Docker images can be used to deploy
 applications to Universal Control Plane, the organization must define a
 list of allowed base Docker images and make them available via Docker
 Trusted Registry. The organization must also prevent users from being
 able to pull Docker images from untrusted sources.
+</ul>
 </div>
 </div>
 
@@ -1022,13 +1077,13 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismmg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismn0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vapgr5uce000dismng">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvh0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvhg">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm471llv0000avmvi0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismmg" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvh0" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements, the organization can
 define a list of allowed base Docker images and make them available
@@ -1039,8 +1094,9 @@ configure its systems to ensure that only approved Docker images are
 stored in Docker Trusted Registry. This can be accomplished by using
 Docker Content Trust to sign Docker images which can subsequently be
 stored in Docker Trusted Registry.
+</ul>
 </div>
-<div id="b5vapgr5uce000dismn0" class="tab-pane fade">
+<div id="b5vm471llv0000avmvhg" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements and in order to restrict
 which Docker images can be used to deploy applications to CS Docker
@@ -1049,8 +1105,9 @@ images and make them available via Docker Trusted Registry. The
 organization must also prevent users from being able to pull Docker
 images from untrusted sources.
 
+</ul>
 </div>
-<div id="b5vapgr5uce000dismng" class="tab-pane fade">
+<div id="b5vm471llv0000avmvi0" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements and in order to restrict
 which Docker images can be used to deploy applications to Universal
@@ -1066,7 +1123,11 @@ Docker images, and configure UCP to enforce only signed images from
 specific Teams at runtime. Additional information can be found at the
 following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/">https://docs.docker.com/datacenter/ucp/2.1/guides/user/content-trust/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1221,20 +1282,23 @@ The organization develops, documents, and implements a configuration management
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismo0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvig">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismo0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvig" class="tab-pane fade in active">
 The CIS Docker Benchmark can be used as a baseline for securing
 Docker Enterprise Edition and for helping the organization meet the
 configuration management plan requirements of this control. Additional
 information can be found at the following resources:
 
-- https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf
-- http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark
 
+<ul>
+<li><a href="https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf">https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.13.0_Benchmark_v1.0.0.pdf</a></li>
+<li><a href="http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx">http://www.cisecurity.org/critical-controls/tools/CISControlsv4_MaptoNIST800-53rev4.xlsx</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Controls_from_the_CIS_Benchmark</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -1304,16 +1368,17 @@ The organization:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismog">DTR</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvj0">DTR</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismog" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvj0" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements, the organization can
 define a list of allowed base Docker images and make them available
 via Docker Trusted Registry. The organization can also prevent users
 from being able to pull Docker images from untrusted sources.
+</ul>
 </div>
 </div>
 
@@ -1343,16 +1408,17 @@ The information system alerts [Assignment: organization-defined personnel or rol
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vapgr5uce000dismp0">DTR</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm471llv0000avmvjg">DTR</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vapgr5uce000dismp0" class="tab-pane fade in active">
+<div id="b5vm471llv0000avmvjg" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements, the organization can
 define a list of allowed base Docker images and make them available
 via Docker Trusted Registry. The organization can also prevent users
 from being able to pull Docker images from untrusted sources.
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/CP.md b/docs/compliance/reference/800-53/CP.md
index 32d71c7..d258adb 100644
--- a/docs/compliance/reference/800-53/CP.md
+++ b/docs/compliance/reference/800-53/CP.md
@@ -525,28 +525,36 @@ The information system implements transaction recovery for systems that are tran
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismpg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000dismq0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvk0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvkg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismpg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvk0" class="tab-pane fade in active">
 Docker Trusted Registry maintains its cluster state via an internal
 key-value store. This, and other DTR transactions can be backed up and
 recovered. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/backups-and-disaster-recovery/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#DTR_Backup
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/backups-and-disaster-recovery/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/backups-and-disaster-recovery/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#DTR_Backup">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#DTR_Backup</a></li>
+
+</ul>
 </div>
-<div id="b5vaph35uce000dismq0" class="tab-pane fade">
+<div id="b5vm479llv0000avmvkg" class="tab-pane fade">
 Universal Control Plane maintains its cluster state via an internal
 key-value store. This, and other UCP transactions can be backed up and
 recovered. Additional information can be found at the following
 resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/backups-and-disaster-recovery/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#UCP_Backup
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/backups-and-disaster-recovery/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/backups-and-disaster-recovery/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#UCP_Backup">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#UCP_Backup</a></li>
+
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/IA.md b/docs/compliance/reference/800-53/IA.md
index cec0a4b..2ce4878 100644
--- a/docs/compliance/reference/800-53/IA.md
+++ b/docs/compliance/reference/800-53/IA.md
@@ -54,11 +54,11 @@ The information system uniquely identifies and authenticates organizational user
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismqg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvl0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismqg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvl0" class="tab-pane fade in active">
 Docker Enterprise Edition can be configured to identify and authenticate
 users via it&#39;s integrated support for LDAP. Users and groups managed
 within the organization&#39;s LDAP directory service (e.g. Active
@@ -69,6 +69,7 @@ synchronized via LDAP. When a user is added/removed to/from the LDAP
 group, that same user is automatically added/removed to/from the UCP and DTR
 team. Instructions for configuring LDAP integration can be found at
 https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/integrate-with-ldap/.
+</ul>
 </div>
 </div>
 
@@ -148,32 +149,35 @@ The organization requires individuals to be authenticated with an individual aut
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismr0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000dismrg">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disms0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvlg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvm0">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvmg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismr0" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvlg" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, Docker Trusted
 Registry requires individual users to be authenticated in order to
 gain access to the system. Any permissions granted to the team(s) that
 which the user is a member are subsequently applied.
+</ul>
 </div>
-<div id="b5vaph35uce000dismrg" class="tab-pane fade">
+<div id="b5vm479llv0000avmvm0" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, Universal Control
 Plane requires individual users to be authenticated in order to gain
 access to the system. Any permissions granted to the team(s) that
 which the user is a member are subsequently applied.
+</ul>
 </div>
-<div id="b5vaph35uce000disms0" class="tab-pane fade">
+<div id="b5vm479llv0000avmvmg" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, Docker Enterprise Edition
 requires individual users to be authenticated in order to gain access
 to the system. Any permissions granted to the team(s) that which the
 user is a member are subsequently applied.
+</ul>
 </div>
 </div>
 
@@ -223,15 +227,16 @@ The information system implements replay-resistant authentication mechanisms for
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismsg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvn0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismsg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvn0" class="tab-pane fade in active">
 Docker Enterprise Edition integrates with LDAP for authenticating users to an
 external directory service. You should configure your external
 directory service for ensuring that you are protected against replay
 attacks.
+</ul>
 </div>
 </div>
 
@@ -261,15 +266,16 @@ The information system implements replay-resistant authentication mechanisms for
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismt0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvng">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismt0" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvng" class="tab-pane fade in active">
 Docker Enterprise Edition integrates with LDAP for authenticating users to an
 external directory service. You should configure your external
 directory service for ensuring that you are protected against replay
 attacks.
+</ul>
 </div>
 </div>
 
@@ -349,13 +355,13 @@ The information system uniquely identifies and authenticates [Assignment: organi
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismtg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000dismu0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000dismug">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvo0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvog">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvp0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismtg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvo0" class="tab-pane fade in active">
 Docker Trusted Registry replicas reside on Universal Control Plane
 worker nodes. In order for UCP worker nodes to join a Universal
 Control Plane cluster, they must be identified and authenticated via a
@@ -365,20 +371,26 @@ cluster and when mutual TLS authentication between the UCP worker and
 manager nodes has been established. Reference documentation can be
 found at
 https://docs.docker.com/datacenter/dtr/2.1/guides/install/#/step-7-join-replicas-to-the-cluster.
+</ul>
 </div>
-<div id="b5vaph35uce000dismu0" class="tab-pane fade">
+<div id="b5vm479llv0000avmvog" class="tab-pane fade">
 In order for other CS Engine nodes to be able to join a cluster
 managed by Universal Control Plane, they must be identified and
 authenticated via either a manager or worker token. Use of the token
 includes trust on first use mutual TLS.
 
+</ul>
 </div>
-<div id="b5vaph35uce000dismug" class="tab-pane fade">
+<div id="b5vm479llv0000avmvp0" class="tab-pane fade">
 In order for nodes to join a Universal Control Plane cluster, they
 must be identified and authenticated via either a manager or worker
 token. Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/scale-your-cluster/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/scale-your-cluster/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/scale-your-cluster/</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -449,11 +461,11 @@ The organization manages information system identifiers by:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismv0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvpg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismv0" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvpg" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
@@ -470,6 +482,7 @@ directory service integrated with Docker Enterprise Edition via LDAP can be
 configured to prevent the reuse of user identifiers for a specified
 period of time. Refer to your directory service&#39;s documentation for
 configuring this.
+</ul>
 </div>
 </div>
 
@@ -529,17 +542,18 @@ The organization manages individual identifiers by uniquely identifying each ind
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000dismvg">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvq0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000dismvg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvq0" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
 configured to uniquely identify each individual according to the
 requirements of this control. Refer to your directory service&#39;s
 documentation for configuring this.
+</ul>
 </div>
 </div>
 
@@ -611,11 +625,11 @@ The organization manages information system authenticators by:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn00">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvqg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn00" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvqg" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
@@ -665,6 +679,7 @@ configured to change authenticators for group or role accounts when
 membership to those groups or roles changes  according to the
 requirements of this control. Refer to your directory service&#39;s
 documentation for configuring this.
+</ul>
 </div>
 </div>
 
@@ -702,11 +717,11 @@ The information system, for password-based authentication:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn0g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvr0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn0g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvr0" class="tab-pane fade in active">
 An external directory service integrated with Docker Enterprise
 Edition via LDAP can be configured to enforce minimum password
 complexity requirements. Refer to your directory service&#39;s
@@ -731,6 +746,7 @@ Edition via LDAP can be configured to enforce the requirement to
 change initial/temporary passwords upon first login according to the
 requirements of this control. Refer to your directory service&#39;s
 documentation for configuring this.
+</ul>
 </div>
 </div>
 
@@ -776,13 +792,13 @@ The information system, for PKI-based authentication:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn10">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disn1g">UCP</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disn20">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvrg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvs0">UCP</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvsg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn10" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvrg" class="tab-pane fade in active">
 Docker Trusted Registry includes a Docker volume which holds the root
 key material for the DTR root CA that issues certificats. In addition
 Universal Control Plane contains two, built-in root certificate
@@ -813,8 +829,9 @@ https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/#/replace-the-se
 In addition, Docker Trusted Registry&#39;s server certificates can be
 replaced by following the instructions at
 https://docs.docker.com/datacenter/dtr/2.1/guides/configure/.
+</ul>
 </div>
-<div id="b5vaph35uce000disn1g" class="tab-pane fade">
+<div id="b5vm479llv0000avmvs0" class="tab-pane fade">
 Universal Control Plane contains two, built-in root certificate
 authorities. One CA is used for signing client bundles generated by
 users. The other CA is used for TLS communication between UCP cluster
@@ -835,9 +852,13 @@ Administrator or the user themselves. The cluster&#39;s internal
 certificates can also be revoked and updated. Additional information
 can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/#/replace-the-server-certificates
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/#/replace-the-server-certificates">https://docs.docker.com/datacenter/ucp/2.0/guides/configuration/#/replace-the-server-certificates</a></li>
+
+</ul>
 </div>
-<div id="b5vaph35uce000disn20" class="tab-pane fade">
+<div id="b5vm479llv0000avmvsg" class="tab-pane fade">
 All users within a Docker Enterprise Edition cluster can create a
 client certificate bundle for authenticating in to the cluster from
 the Docker client tooling. When a user attempts to authenticate in to
@@ -857,6 +878,7 @@ the Docker client tooling. When a user attempts to authenticate in to
 the Docker cluster, it is up to the underlying operating system
 hosting Docker Enterprise Edition to ensure that it implements a local
 cache of revocation data per the requirements of this control.
+</ul>
 </div>
 </div>
 
@@ -896,17 +918,18 @@ The organization employs automated tools to determine if password authenticators
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn2g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvt0">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn2g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvt0" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
 configured with automation to ensure that password authenticators meet
 strength requirements as defined by this control. Refer to your
 directory service&#39;s documentation for configuring this.
+</ul>
 </div>
 </div>
 
@@ -946,16 +969,17 @@ The organization protects authenticators commensurate with the security category
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn30">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvtg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn30" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvtg" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
 configured to protect authenticators as required by this control.
 Refer to your directory service&#39;s documentation for configuring this.
+</ul>
 </div>
 </div>
 
@@ -1080,20 +1104,22 @@ The information system obscures feedback of authentication information during th
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn3g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disn40">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvu0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvug">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn3g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvu0" class="tab-pane fade in active">
 Docker Trusted Registry obscures all feedback of authentication
 information during the authentication process. This includes both
 authentication via the web UI and the CLI.
+</ul>
 </div>
-<div id="b5vaph35uce000disn40" class="tab-pane fade">
+<div id="b5vm479llv0000avmvug" class="tab-pane fade">
 Universal Control Plane obscures all feedback of authentication
 information during the authentication process. This includes both
 authentication via the web UI and the CLI.
+</ul>
 </div>
 </div>
 
@@ -1128,22 +1154,24 @@ The information system implements mechanisms for authentication to a cryptograph
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn4g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disn50">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avmvv0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avmvvg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn4g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avmvv0" class="tab-pane fade in active">
 All access to Docker Trusted Registry is protected with Transport
 Layer Security (TLS) 1.2 with the AES-GCM cipher. This includes both
 SSH access to the individual UCP nodes and CLI-/web-based access to
 the UCP management functions with mutual TLS and HTTPS respectively.
+</ul>
 </div>
-<div id="b5vaph35uce000disn50" class="tab-pane fade">
+<div id="b5vm479llv0000avmvvg" class="tab-pane fade">
 All access to Universal Control Plane is protected with Transport
 Layer Security (TLS) 1.2 with the AES GCM cipher. This includes both
 SSH access to the individual UCP nodes and CLI-/web-based access to
 the UCP management functions with mutual TLS and HTTPS respectively.
+</ul>
 </div>
 </div>
 
@@ -1178,20 +1206,22 @@ The information system uniquely identifies and authenticates non-organizational
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn5g">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaph35uce000disn60">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn000">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avn00g">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn5g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn000" class="tab-pane fade in active">
 Users managed by Docker Trusted Registry can be grouped per the
 requirements of the organization and as defined by this control. This
 can include groupings for non-organizational users.
+</ul>
 </div>
-<div id="b5vaph35uce000disn60" class="tab-pane fade">
+<div id="b5vm479llv0000avn00g" class="tab-pane fade">
 Users managed by Universal Control Plane can be grouped per the
 requirements of the organization and as defined by this control. This
 can include groupings for non-organizational users.
+</ul>
 </div>
 </div>
 
@@ -1231,15 +1261,16 @@ The information system accepts only FICAM-approved third-party credentials.
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn6g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn010">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn6g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn010" class="tab-pane fade in active">
 An external directory service integrated with Docker Enterprise Edition via
 LDAP can be configured to meet the FICAM requirements as indicated by
 this control. Refer to your directory service&#39;s documentation for
 configuring this.
+</ul>
 </div>
 </div>
 
@@ -1269,17 +1300,18 @@ The organization employs only FICAM-approved information system components in [A
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn70">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn01g">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn70" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn01g" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
 configured to meet the FICAM requirements as indicated by this
 control. Refer to your directory service&#39;s documentation for
 configuring this.
+</ul>
 </div>
 </div>
 
@@ -1309,17 +1341,18 @@ The information system conforms to FICAM-issued profiles.
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaph35uce000disn7g">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn020">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaph35uce000disn7g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn020" class="tab-pane fade in active">
 The organization is responsible for meeting the requirements of this
 control. To assist with meeting these requirements, an external
 directory service integrated with Docker Enterprise Edition via LDAP can be
 configured to meet the FICAM requirements as indicated by this
 control. Refer to your directory service&#39;s documentation for
 configuring this.
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/RA.md b/docs/compliance/reference/800-53/RA.md
index cbe660f..ed98902 100644
--- a/docs/compliance/reference/800-53/RA.md
+++ b/docs/compliance/reference/800-53/RA.md
@@ -114,22 +114,24 @@ The organization employs vulnerability scanning tools that include the capabilit
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphb5uce000disn80">DSS</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphb5uce000disn8g">DTR</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn02g">DSS</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avn030">DTR</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphb5uce000disn80" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn02g" class="tab-pane fade in active">
 To assist the orgnization in meeting the requirements of this control, the Docker Security Scanning (DSS) component of Docker Trusted Registry
 (DTR) that is included with the Docker Enterprise Edition Advanced
 tier can be used to scan Docker images for vulnerabilities against
 known vulnerability databases. Scans can be triggered either manually
 or when Docker images are pushed to DTR.
+</ul>
 </div>
-<div id="b5vaphb5uce000disn8g" class="tab-pane fade">
+<div id="b5vm479llv0000avn030" class="tab-pane fade">
 The Docker Security Scanning tool allows for the scanning of Docker
 images in Docker Trusted Registry against the Common Vulnerabilities
 and Exposures (CVE) dictionary.
+</ul>
 </div>
 </div>
 
@@ -159,11 +161,11 @@ The organization updates the information system vulnerabilities scanned [Selecti
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphb5uce000disn90">DSS</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn03g">DSS</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphb5uce000disn90" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn03g" class="tab-pane fade in active">
 To assist the orgnization in meeting the requirements of this
 control, the Docker Security Scanning component of Docker Trusted
 Registry (DTR) that is included with the Docker Enterprise Edition
@@ -172,8 +174,12 @@ that it scans. DSS is also synchronized to an aggregate listing of
 known vulnerabilities that is compiled from both the MITRE and NVD CVE
 databases. Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/admin/configure/set-up-vulnerability-scans/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Image_Scanning
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/admin/configure/set-up-vulnerability-scans/">https://docs.docker.com/datacenter/dtr/2.2/guides/admin/configure/set-up-vulnerability-scans/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Image_Scanning">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Image_Scanning</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -208,22 +214,24 @@ The organization employs vulnerability scanning procedures that can identify the
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphb5uce000disn9g">DSS</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphb5uce000disna0">DTR</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn040">DSS</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avn04g">DTR</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphb5uce000disn9g" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn040" class="tab-pane fade in active">
 To assist the orgnization in meeting the requirements of this
 control, the Docker Security Scanning component of Docker Trusted
 Registry (DTR) that is included with the Docker Enterprise Edition
 Advanced tier identifies vulnerabilities in a Docker image and marks
 them against predefined criticality levels; critical major and minor.
+</ul>
 </div>
-<div id="b5vaphb5uce000disna0" class="tab-pane fade">
+<div id="b5vm479llv0000avn04g" class="tab-pane fade">
 The Docker Security Scanning tool allows for the scanning of Docker
 images in Docker Trusted Registry against the Common Vulnerabilities
 and Exposures (CVE).&#39; dictionary
+</ul>
 </div>
 </div>
 
@@ -263,14 +271,15 @@ The information system implements privileged access authorization to [Assignment
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphb5uce000disnag">DSS</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn050">DSS</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphb5uce000disnag" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn050" class="tab-pane fade in active">
 Only the appropriate users that the organization has provided Docker
 Trusted Registry access to are able to view and interpret
 vulnerability scan results.
+</ul>
 </div>
 </div>
 
@@ -300,16 +309,17 @@ The organization employs automated mechanisms to compare the results of vulnerab
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphb5uce000disnb0">DSS</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn05g">DSS</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphb5uce000disnb0" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn05g" class="tab-pane fade in active">
 For each Docker image pushed to Docker Trusted Registry at a given
 time, Docker Security Scaninng retains a list of vulnerabilities
 detected. The DTR API can be queried to retrieve the vulnerability
 scan results over a period of time for a given Docker image such that
 the results can be compared per the requirements of this control.
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/SA.md b/docs/compliance/reference/800-53/SA.md
index dea60f4..6f5762d 100644
--- a/docs/compliance/reference/800-53/SA.md
+++ b/docs/compliance/reference/800-53/SA.md
@@ -341,13 +341,13 @@ The organization requires the developer of the information system, system compon
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnbg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disnc0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disncg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm479llv0000avn060">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avn06g">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm479llv0000avn070">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnbg" class="tab-pane fade in active">
+<div id="b5vm479llv0000avn060" class="tab-pane fade in active">
 Docker Content Trust gives you the ability to verify both the
 integrity and the publisher of all the data received from a Docker
 Trusted Registry over any channel. It allows operations with a remote
@@ -357,8 +357,9 @@ sent to and receive from remote DTR instances. These signatures allow
 client-side verification of the integrity and publisher of specific
 image tags. Docker Trusted Registry includes an integrated imaging
 signing service.
+</ul>
 </div>
-<div id="b5vaphj5uce000disnc0" class="tab-pane fade">
+<div id="b5vm479llv0000avn06g" class="tab-pane fade">
 Docker Content Trust gives you the ability to verify both the
 integrity and the publisher of all the data received from a Docker
 Trusted Registry over any channel. It allows operations with a remote
@@ -368,8 +369,9 @@ sent to and receive from remote DTR instances. These signatures allow
 client-side verification of the integrity and publisher of specific
 image tags.
 
+</ul>
 </div>
-<div id="b5vaphj5uce000disncg" class="tab-pane fade">
+<div id="b5vm479llv0000avn070" class="tab-pane fade">
 The organization is responsible for meeting the requirements of this
 control. To assist with these requirements, Docker Content Trust gives
 you the ability to verify both the integrity and the publisher of all
@@ -382,7 +384,11 @@ integrity and publisher of specific image tags. Universal Control
 Plane can be configured to only run trusted and signed images.
 Additional information can be found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/run-only-the-images-you-trust/
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/run-only-the-images-you-trust/">https://docs.docker.com/datacenter/ucp/2.1/guides/admin/configure/run-only-the-images-you-trust/</a></li>
+
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/SC.md b/docs/compliance/reference/800-53/SC.md
index 20b82c8..32ad221 100644
--- a/docs/compliance/reference/800-53/SC.md
+++ b/docs/compliance/reference/800-53/SC.md
@@ -59,30 +59,38 @@ The information system separates user functionality (including user interface se
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnd0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disndg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn07g">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn080">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnd0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn07g" class="tab-pane fade in active">
 Docker Trusted Registry is made up of a number of backend services
 that provide for both user functionality (including user interface
 services) and system management functionality. Each of these services
 operates independently of one another. Additional information can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Docker_Trusted_Registry
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/">https://docs.docker.com/datacenter/dtr/2.2/guides/architecture/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Docker_Trusted_Registry">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Docker_Trusted_Registry</a></li>
+
+</ul>
 </div>
-<div id="b5vaphj5uce000disndg" class="tab-pane fade">
+<div id="b5vm47hllv0000avn080" class="tab-pane fade">
 Universal Control Plane is made up of a number of backend services
 that provide for both user functionality (including user interface
 services) and system management functionality. Each of these services
 operates independently of one another. Additional information can be
 found at the following resources:
 
-- https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Universal_Control_Plane
+
+<ul>
+<li><a href="https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/">https://docs.docker.com/datacenter/ucp/2.1/guides/architecture/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Universal_Control_Plane">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Docker_EE_Best_Practices_and_Design_Considerations#Universal_Control_Plane</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -442,11 +450,11 @@ The information system provides the capability to dynamically isolate/segregate
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disne0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn08g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disne0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn08g" class="tab-pane fade in active">
 Docker Enterprise Edition is designed to run application containers
 whose content can be completely isolated/segregated from other
 application containers within the same node/cluster. This is
@@ -454,10 +462,13 @@ accomplished by way of Linux kernel primitives and various security
 profiles that can be applied to the underlying host OS. Additional
 information can be found at the following resources:
 
-- https://docs.docker.com/engine/security/security/
-- https://docs.docker.com/engine/userguide/networking/overlay-security-model/
-- https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Engine_and_Node_Security
 
+<ul>
+<li><a href="https://docs.docker.com/engine/security/security/">https://docs.docker.com/engine/security/security/</a></li>
+<li><a href="https://docs.docker.com/engine/userguide/networking/overlay-security-model/">https://docs.docker.com/engine/userguide/networking/overlay-security-model/</a></li>
+<li><a href="https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Engine_and_Node_Security">https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Securing_Docker_EE_and_Security_Best_Practices#Engine_and_Node_Security</a></li>
+
+</ul>
 </div>
 </div>
 
@@ -617,17 +628,18 @@ The organization produces, controls, and distributes symmetric cryptographic key
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disneg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn090">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disneg" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn090" class="tab-pane fade in active">
 Docker Enterprise Edition can be installed on the following operating systems:
 CentOS 7.1&#43;, Red Hat Enterprise Linux 7.0&#43;, Ubuntu 14.04 LTS&#43;, and
 SUSE Linux Enterprise 12&#43;. In order to meet the requirements of this
 control, reference the chosen operating system&#39;s documentation to
 ensure it is configured in FIPS mode.
 
+</ul>
 </div>
 </div>
 
@@ -667,17 +679,18 @@ The information system implements [Assignment: organization-defined cryptographi
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnf0">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn09g">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnf0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn09g" class="tab-pane fade in active">
 Docker Enterprise Edition can be installed on the following operating systems:
 CentOS 7.1&#43;, Red Hat Enterprise Linux 7.0&#43;, Ubuntu 14.04 LTS&#43;, and
 SUSE Linux Enterprise 12&#43;. In order to meet the requirements of this
 control, reference the chosen operating system&#39;s documentation to
 ensure it is configured in FIPS mode.
 
+</ul>
 </div>
 </div>
 
@@ -914,34 +927,37 @@ The information system protects the authenticity of communications sessions.
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnfg">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disng0">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disngg">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0a0">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0ag">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0b0">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnfg" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0a0" class="tab-pane fade in active">
 All remote access sessions to Docker Trusted Registry are protected
 with Transport Layer Security (TLS) 1.2 with the AES GCM cipher. This
 is included at both the HTTPS application layer for access to the DTR
 user interface and for command-line based connections to the registry.
 In addition to this, all communication to DTR is enforced by way of
 two-way mutual TLS authentication.
+</ul>
 </div>
-<div id="b5vaphj5uce000disng0" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0ag" class="tab-pane fade">
 All remote access sessions to Docker Enterprise Edition are protected with
 Transport Layer Security (TLS) 1.2 with the AES GCM cipher. In
 addition to this, all communication to and between Docker Enterprise Editions
 is enforced by way of two-way mutual TLS authentication.
 
+</ul>
 </div>
-<div id="b5vaphj5uce000disngg" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0b0" class="tab-pane fade">
 All remote access sessions to Universal Control Plane are protected
 with Transport Layer Security (TLS) 1.2 with the AES GCM cipher. This
 is included at both the HTTPS application layer for access to the UCP
 user interface and for command-line based connections to the cluster.
 In addition to this, all communication to UCP is enforced by way of
 two-way mutual TLS authentication.
+</ul>
 </div>
 </div>
 
@@ -971,13 +987,14 @@ The information system invalidates session identifiers upon user logout or other
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnh0">eNZi</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0bg">eNZi</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnh0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0bg" class="tab-pane fade in active">
 Docker Enterprise Edition invalidates session identifiers upon user
 logout per the requirements of this control.
+</ul>
 </div>
 </div>
 
@@ -1067,11 +1084,11 @@ The information system protects the [Selection (one or more): confidentiality; i
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnhg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0c0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnhg" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0c0" class="tab-pane fade in active">
 All remote access sessions to Docker Enterprise Edition are protected
 with Transport Layer Security (TLS) 1.2 with the AES GCM cipher. In
 addition to this, all communication to/from and between Docker
@@ -1080,6 +1097,7 @@ authentication. All Swarm Mode manager nodes in a Docker Enterprise
 Edition cluster store state metadata and user secrets encrypted at
 rest using the AES GCM cipher.
 
+</ul>
 </div>
 </div>
 
@@ -1119,34 +1137,37 @@ The information system implements cryptographic mechanisms to prevent unauthoriz
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disni0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disnig">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disnj0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0cg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0d0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0dg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disni0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0cg" class="tab-pane fade in active">
 All remote access sessions to Docker Trusted Registry are protected
 with Transport Layer Security (TLS) 1.2 with the AES GCM cipher. This
 is included at both the HTTPS application layer for access to the DTR
 user interface and for command-line based connections to the registry.
 In addition to this, all communication to DTR is enforced by way of
 two-way mutual TLS authentication.
+</ul>
 </div>
-<div id="b5vaphj5uce000disnig" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0d0" class="tab-pane fade">
 All remote access sessions to Docker Enterprise Edition are protected with
 Transport Layer Security (TLS) 1.2 with the AES GCM cipher. In
 addition to this, all communication to and between Docker Enterprise Editions
 is enforced by way of two-way mutual TLS authentication.
 
+</ul>
 </div>
-<div id="b5vaphj5uce000disnj0" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0dg" class="tab-pane fade">
 All remote access sessions to Universal Control Plane are protected
 with Transport Layer Security (TLS) 1.2 with the AES GCM cipher. This
 is included at both the HTTPS application layer for access to the UCP
 user interface and for command-line based connections to the cluster.
 In addition to this, all communication to UCP is enforced by way of
 two-way mutual TLS authentication.
+</ul>
 </div>
 </div>
 
diff --git a/docs/compliance/reference/800-53/SI.md b/docs/compliance/reference/800-53/SI.md
index 784d6f5..374b80d 100644
--- a/docs/compliance/reference/800-53/SI.md
+++ b/docs/compliance/reference/800-53/SI.md
@@ -155,17 +155,18 @@ The information system automatically updates malicious code protection mechanism
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnjg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0e0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnjg" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0e0" class="tab-pane fade in active">
 Docker Enterprise Edition packages for supported underlying operating
 systems can only be obtained from Docker, Inc. The Docker EE
 repositories from which Docker EE packages are obtained are protected
 with official GPG keys. Each Docker package is also validated with a
 signature definition.
 
+</ul>
 </div>
 </div>
 
@@ -866,30 +867,33 @@ The information system:
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnk0">DTR</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disnkg">Engine</a></li>
-<li><a data-toggle="tab" data-target="#b5vaphj5uce000disnl0">UCP</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0eg">DTR</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0f0">Engine</a></li>
+<li><a data-toggle="tab" data-target="#b5vm47hllv0000avn0fg">UCP</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnk0" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0eg" class="tab-pane fade in active">
 All error messages generated via the configured logging mechanism of
 Docker Trusted Registry are displayed such that they meet the
 requirements of this control. Only users that are authorized the
 appropriate level of access can view these error messages.
+</ul>
 </div>
-<div id="b5vaphj5uce000disnkg" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0f0" class="tab-pane fade">
 All error messages generated via the logging mechanisms of the Docker
 Enterprise Edition engine are displayed such that they meet the
 requirements of this control. Only users that are authorized the
 appropriate level of access can view these error messages.
 
+</ul>
 </div>
-<div id="b5vaphj5uce000disnl0" class="tab-pane fade">
+<div id="b5vm47hllv0000avn0fg" class="tab-pane fade">
 All error messages generated via the configured logging mechanism of
 Universal Control Plane are displayed such that they meet the
 requirements of this control. Only users that are authorized the
 appropriate level of access can view these error messages.
+</ul>
 </div>
 </div>
 
@@ -1017,11 +1021,11 @@ The information system implements [Assignment: organization-defined security saf
 **Implemenation Details:**
 
 <ul class="nav nav-tabs">
-<li class="active"><a data-toggle="tab" data-target="#b5vaphj5uce000disnlg">Engine</a></li>
+<li class="active"><a data-toggle="tab" data-target="#b5vm47hllv0000avn0g0">Engine</a></li>
 </ul>
 
 <div class="tab-content">
-<div id="b5vaphj5uce000disnlg" class="tab-pane fade in active">
+<div id="b5vm47hllv0000avn0g0" class="tab-pane fade in active">
 Docker Enterprise Edition can be installed on the following operating systems:
 CentOS 7.1&#43;, Red Hat Enterprise Linux 7.0&#43;, Ubuntu 14.04 LTS&#43;, and
 SUSE Linux Enterprise 12&#43;. In order to meet the requirements of this
@@ -1029,6 +1033,7 @@ control, reference the chosen operating system&#39;s security
 documentation for information regarding the protection of memory from
 unauthorized code execution.
 
+</ul>
 </div>
 </div>
 
diff --git a/docs/generator/generator.go b/docs/generator/generator.go
index ecb677b..2f58adb 100644
--- a/docs/generator/generator.go
+++ b/docs/generator/generator.go
@@ -112,7 +112,7 @@ func iterateControls(family string, familyTitle string, controls []XMLControl, i
 						id := xid.New()
 
 						// Format narratives
-						// **Need to clean up narrative links
+						// **Break out in to separate function
 						narratives := make([]string, len(satisfy.GetNarratives()))
 						narrativeLinks := []string{}
 						for _, narrative := range satisfy.GetNarratives() {
@@ -123,19 +123,20 @@ func iterateControls(family string, familyTitle string, controls []XMLControl, i
 								narrativeText = strings.Replace(narrativeText, "''", "'", -1)
 							}
 							narrativeLinksIndex := strings.Index(narrativeText, "- http")
-							if narrativeLinksIndex >= 0 {
-								narrativeLinks = strings.Split(narrativeText[narrativeLinksIndex:], "\n")
-								for i, link := range narrativeLinks {
-									if strings.Index(link, "- ") >= 0 {
-										narrativeLinks[i] = link[strings.Index(link, "- ")+2:]
+
+							if narrativeLinksIndex != -1 {
+								splitNarrativeFromLinks := strings.Split(narrativeText[narrativeLinksIndex:], "\n")
+								narrativeText = narrativeText[:narrativeLinksIndex]
+								for _, link := range splitNarrativeFromLinks {
+									linkIndex := strings.Index(link, "- ")
+									if linkIndex != -1 {
+										narrativeLinks = append(narrativeLinks, link[linkIndex+2:])
 									}
 								}
 							}
 							narratives = append(narratives, narrativeText)
 						}
 
-						fmt.Println(narrativeLinks)
-
 						markdownTemplateControl.Components = append(markdownTemplateControl.Components, MarkdownTemplateComponent{
 							ID:   id.String(),
 							Name: component.GetName(),
diff --git a/docs/generator/tmpl/80053.tmpl b/docs/generator/tmpl/80053.tmpl
index 1d05ce6..d42ba9b 100644
--- a/docs/generator/tmpl/80053.tmpl
+++ b/docs/generator/tmpl/80053.tmpl
@@ -86,7 +86,16 @@ will be rejected.
 {{else -}}
 <div id="{{ $component.ID }}" class="tab-pane fade">
 {{end -}}
-{{range $component.Narratives}}{{ . }}{{end}}
+{{range $component.Narratives -}}
+{{ . -}}
+{{end -}}
+{{if $component.NarrativeLinks}}
+<ul>
+{{range $component.NarrativeLinks -}}
+<li><a href="{{ . }}">{{ . }}</a></li>
+{{end -}}
+{{end}}
+</ul>
 </div>
 {{end -}}
 </div>
diff --git a/opencontrol/components/eNZi/component.yaml b/opencontrol/components/eNZi/component.yaml
index 1f7d9db..b70a6e1 100644
--- a/opencontrol/components/eNZi/component.yaml
+++ b/opencontrol/components/eNZi/component.yaml
@@ -21,11 +21,8 @@ satisfies:
           managed to enforce fine-grained access control. Supporting
           documentation can found at the following resources:
           
-          UCP:
           - https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/
           - https://docs.docker.com/datacenter/ucp/2.1/guides/admin/manage-users/permission-levels/
-          
-          DTR:
           - https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/
           - https://docs.docker.com/datacenter/dtr/2.2/guides/admin/manage-users/permission-levels/
     standard_key: NIST-800-53