DISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS

Updated: 4/12/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.5

Estimated Item Count: 49

File Details

Filename: DISA_STIG_MongoDB_Enterprise_Advanced_4.x_OS_v1r1.audit

Size: 128 kB

MD5: 45681728127dabe2ee2bbeccf0492a8d
SHA256: ea72a62a6d530481032396c09b72fbb46ae7842c3c13d1dad8c2dd311bdea3ab

Audit Items

Description    Categories
DISA_STIG_MongoDB_Enterprise_Advanced_4.x_OS_v1r1.audit from DISA MongoDB Enterprise Advanced 4.x v1r1 STIG
MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
MD4X-00-000200 - The audit information produced by MongoDB must be protected from unauthorized access.
MD4X-00-000300 - MongoDB must protect its audit features from unauthorized access.
MD4X-00-000400 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled.
MD4X-00-000500 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled.
MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. - allowConnectionsWithoutCertificates
MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. - allowInvalidCertificates
MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. - CAFile
MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. - certificateKeyFile
MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. - mode
MD4X-00-000800 - MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
MD4X-00-000900 - MongoDB must prevent unauthorized and unintended information transfer via shared system resources. - .conf file
MD4X-00-000900 - MongoDB must prevent unauthorized and unintended information transfer via shared system resources. - Data Dir
MD4X-00-001000 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.
MD4X-00-001300 - MongoDB must use NIST FIPS 140-2-validated cryptographic modules for cryptographic operations.
MD4X-00-001400 - MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
MD4X-00-001550 - MongoDB must limit the total number of concurrent connections to the database.
MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. - authorization
MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. - LDAP Server
MD4X-00-002100 - MongoDB software installation account must be restricted to authorized users.
MD4X-00-002200 - Database software, including DBMS configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications.
MD4X-00-002600 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. - enabled
MD4X-00-002600 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. - JSONPEnabled
MD4X-00-002600 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. - RESTInterfaceEnabled
MD4X-00-002800 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
MD4X-00-002950 - If passwords are used for authentication, MongoDB must implement LDAP or Kerberos for authentication to enforce the DoD standards for password complexity and lifetime.
MD4X-00-003000 - If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords.
MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. - CAFile
MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. - PEMKeyFile
MD4X-00-003300 - MongoDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
MD4X-00-003700 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
MD4X-00-003800 - MongoDB must protect the confidentiality and integrity of all information at rest.
MD4X-00-004000 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
MD4X-00-004100 - MongoDB must check the validity of all data inputs except those specifically identified by the organization.
MD4X-00-004200 - MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
MD4X-00-004300 - MongoDB must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA.
MD4X-00-004400 - MongoDB must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB.
MD4X-00-004900 - MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements.
MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
MD4X-00-005600 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.
MD4X-00-005700 - MongoDB must prohibit the use of cached authenticators after an organization-defined time period.
MD4X-00-005800 - MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
MD4X-00-006000 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.
MD4X-00-006100 - MongoDB must maintain the confidentiality and integrity of information during reception.
MD4X-00-006300 - When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed.
MD4X-00-006400 - Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
MD4X-00-006600 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs.