MD8X-00-012700 - MongoDB must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization.

Information

Software and firmware components prevented from installation unless signed with recognized and approved certificates include software and firmware version updates, patches, service packs, device drivers, and basic input/output system updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures is a method of code authentication.

Solution

Ensure the MongoDB repository is configured according to the official documentation.

Install any missing or outdated components by running the command:

$ sudo yum update --repo mongodb-enterprise-8.0

Restart the MongoDB service:

$ sudo systemctl restart mongod

The YUM method is the preferred method because it provides automatic dependency management, built-in rollback support, and simplified security updates. These features reduce the risk of misconfiguration and ensure a more stable and secure environment that is easier to maintain and keep compliant.

For additional details, refer to the MongoDB documentation:
https://www.mongodb.com/docs/v8.0/tutorial/install-mongodb-enterprise-on-red-hat/

Item Details

Audit Name: DISA MongoDB Enterprise Advanced 8.x STIG v1r1 Unix

Category: CONFIGURATION MANAGEMENT

Plugin: Unix

Control ID: 397061f06ed22da2b612afd5975f86285deecf8cd1a08935404d40a562202326

Detections

Analytics

MD8X-00-012700 - MongoDB must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization.

Information

Solution

See Also

Item Details