| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Ensure that Role-based access control (RBAC) is enabled and configured | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 3.4 Database Audit L1 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.1 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 3.2 Database Audit L1 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - readWriteAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdmin | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.4 L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Ensure authentication file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.1 Ensure that key file permissions are set correctly | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.7 Check Permissions on User Home Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.8 Check Permissions on User "." (Hidden) Files | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.9 Check Permissions on User .netrc Files | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.13 Check That Defined Home Directories Exist | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.13 Check That Defined Home Directories Exist | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.15 Check User Home Directory Ownership | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| EX13-EG-000160 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000530 - MongoDB must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD4X-00-002800 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-004200 - MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD7X-00-006000 MongoDB must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | SYSTEM AND INFORMATION INTEGRITY |
| MD7X-00-007200 MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
