MD8X-00-014100 - MongoDB must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.

Information

A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.

Solution

Check the MongoDB configuration file (default location /etc/mongod.conf) for a key named "net.tls.CAFile".

Example shown below (YAML, so the nesting is expressed by indentation):

net:
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
    CAFile: /etc/ssl/caToValidateClientCertificates.pem
    ocsp:
      enabled: true
      responderURL: <your organization's OCSP responder URL>

Run the following command on the file named by this key, so that it is readable and writable only by its owner:

chmod 600 /etc/ssl/caToValidateClientCertificates.pem

Because mode 600 grants access to the file's owner alone, the file must be owned by the account the mongod service runs as; otherwise mongod cannot read the CA file at startup and TLS client validation will fail.
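The following audit script is an added example and is not part of the STIG text or of MongoDB. It reads the net.tls paths out of a mongod.conf and reports any referenced file that is not mode 600 and owned by the expected account. It goes slightly beyond the STIG's literal fix by also checking net.tls.certificateKeyFile, which holds the server's private key. It assumes the unquoted "key: value" YAML layout shown above, and the default owner name "mongod" is an assumption about the service account.

```shell
#!/bin/sh
# Added example; not part of the STIG text or of MongoDB. Audits the PEM
# files a mongod.conf points at and reports any that are not mode 600 and
# owned by the account mongod runs as. POSIX sh plus stat(1): tries the GNU
# stat flags first and falls back to the BSD ones.

# Value of a key from the net.tls block, e.g. tls_key_path /etc/mongod.conf CAFile
# Assumes the unquoted "key: value" layout shown in the STIG example.
tls_key_path() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# Octal permission bits (e.g. 600) and numeric owner uid of a file.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Resolve a user name to a uid; a value that is already numeric passes through.
owner_uid() { case $1 in *[!0-9]*) id -u "$1" ;; *) echo "$1" ;; esac; }

# Succeeds only if $1 exists, is mode 600 and is owned by user $2 (name or uid).
check_pem_file() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    mode=$(file_mode "$1"); uid=$(file_uid "$1"); want=$(owner_uid "$2")
    if [ "$mode" = "600" ] && [ "$uid" = "$want" ]; then
        echo "OK       $1 (uid=$uid mode=$mode)"
        return 0
    fi
    echo "FINDING  $1 (uid=$uid mode=$mode; want uid=$want mode=600)"
    return 1
}

# Audit the key material named in a mongod.conf.
#   $1 = path to mongod.conf, $2 = expected owner (default: mongod, an assumption)
# Checks certificateKeyFile (holds the private key) as well as the CAFile
# named by the STIG. Returns the number of files that failed the check.
audit_tls_files() {
    conf=$1; want_owner=${2:-mongod}; failures=0
    for key in certificateKeyFile CAFile; do
        path=$(tls_key_path "$conf" "$key")
        [ -n "$path" ] || { echo "SKIP     net.tls.$key is not set"; continue; }
        check_pem_file "$path" "$want_owner" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage on a real host (run as root): audit_tls_files /etc/mongod.conf mongod
```

The exit status of audit_tls_files is the number of findings, so it can be dropped straight into a compliance job that treats a nonzero status as a failed check. The owner is compared by uid rather than by name so the script behaves the same when the service account has no passwd entry on a minimal host.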

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_8-x_V1R1_STIG.zip