It seems we do not check the value in the /etc/docker/daemon.json file. So if we configured `"no-new-privileges": true` there, this is not checked during the compliance check, and it provides a fail result.
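One way a check could take both configuration sources into account, as an added example that is not part of the original report or the tool's own code. The function names are hypothetical and the sample inputs in the `__main__` section are constructed; it assumes the daemon arguments and the contents of daemon.json have already been read into strings.

```python
import json
import shlex

KEY = "no-new-privileges"  # same name as the dockerd flag and the daemon.json key


def flag_from_cmdline(cmdline):
    """Return True/False if the dockerd arguments set the flag, None if absent."""
    result = None
    for arg in shlex.split(cmdline):
        if arg == "--" + KEY:
            result = True
        elif arg.startswith("--" + KEY + "="):
            result = arg.split("=", 1)[1].lower() in ("1", "t", "true")
    return result


def value_from_daemon_json(text):
    """Return the boolean stored under the key, None if missing or unparsable."""
    if text is None:
        return None
    try:
        cfg = json.loads(text)
    except ValueError:
        return None
    value = cfg.get(KEY) if isinstance(cfg, dict) else None
    return value if isinstance(value, bool) else None


def check(cmdline, daemon_json_text):
    """Return (status, source); the daemon.json value counts as well as the flag."""
    from_flag = flag_from_cmdline(cmdline)
    if from_flag is not None:
        return ("PASS" if from_flag else "FAIL", "command line")
    from_file = value_from_daemon_json(daemon_json_text)
    if from_file is not None:
        return ("PASS" if from_file else "FAIL", "daemon.json")
    return ("FAIL", "not set")


if __name__ == "__main__":
    # Constructed inputs: flag absent from the command line, set in daemon.json.
    sample_cmdline = "/usr/bin/dockerd -H fd://"
    sample_json = '{"icc": false, "no-new-privileges": true}'
    print(check(sample_cmdline, sample_json))
```
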