| DISA_STIG_MongoDB_Enterprise_Advanced_8.x_v1r1_Unix.audit from DISA MongoDB Enterprise Advanced 8.x STIG v1r1 | |
| MD8X-00-000150 - MongoDB must limit the total number of concurrent connections to the database. | ACCESS CONTROL |
| MD8X-00-000200 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | ACCESS CONTROL |
| MD8X-00-000400 - MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components. | AUDIT AND ACCOUNTABILITY |
| MD8X-00-002000 - The audit information produced by MongoDB must be protected from unauthorized access, modification, and deletion. | AUDIT AND ACCOUNTABILITY |
| MD8X-00-002300 - MongoDB must protect its audit features from unauthorized access, modification, and removal. | AUDIT AND ACCOUNTABILITY |
| MD8X-00-002400 - MongoDB must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to MongoDB. | CONFIGURATION MANAGEMENT |
| MD8X-00-002500 - MongoDB software installation account must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
| MD8X-00-002600 - MongoDB database software, including configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications. | CONFIGURATION MANAGEMENT |
| MD8X-00-003000 - Unused database components, MongoDB software, and database objects must be removed. | CONFIGURATION MANAGEMENT |
| MD8X-00-003300 - MongoDB must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | CONFIGURATION MANAGEMENT |
| MD8X-00-003700 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-003900 - MongoDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-004100 - MongoDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-004200 - MongoDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-004700 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-005000 - MongoDB must protect the confidentiality and integrity of all information at rest. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-005400 - Access to database files must be limited to relevant processes and to authorized, administrative users. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-005600 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | SYSTEM AND INFORMATION INTEGRITY |
| MD8X-00-006050 - MongoDB must terminate a user session after organization-defined conditions or trigger events requiring session disconnect via a scheduled script. | ACCESS CONTROL |
| MD8X-00-006500 - MongoDB must enforce Discretionary Access Control (DAC) policies, as defined by the data owner, over defined subjects and objects. | ACCESS CONTROL |
| MD8X-00-006900 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
| MD8X-00-007700 - MongoDB must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-008000 - MongoDB must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-008100 - MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-008400 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-008700 - When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed. | SYSTEM AND INFORMATION INTEGRITY |
| MD8X-00-008800 - Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | SYSTEM AND INFORMATION INTEGRITY |
| MD8X-00-008900 - MongoDB must be a version supported by the vendor. | SYSTEM AND SERVICES ACQUISITION |
| MD8X-00-012100 - MongoDB must off-load audit data to a separate log management facility; this shall be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | AUDIT AND ACCOUNTABILITY |
| MD8X-00-012200 - MongoDB must be configured in accordance with the security configuration settings based on DOD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | CONFIGURATION MANAGEMENT |
| MD8X-00-012700 - MongoDB must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization. | CONFIGURATION MANAGEMENT |
| MD8X-00-012800 - MongoDB must require users to be individually authenticated before granting access to the shared accounts or resources. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-013800 - MongoDB must, for public key-based authentication, implement a local cache of revocation data to support path discovery and validation. | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-014000 - MongoDB must include only approved trust anchors in trust stores or certificate stores managed by the organization. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-014100 - MongoDB must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store. | SYSTEM AND COMMUNICATIONS PROTECTION |
