| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.2 Database Audit L1 v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure an industry standard authentication mechanism is used - clusterAuthMode | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian 10 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian 10 Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-030650 - OL 8 must use cryptographic mechanisms to protect the integrity of audit tools. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001300 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001600 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish what type of events occurred. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002000 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-003500 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be owned by database/EDB Postgres Advanced Server principals authorized for ownership. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-007400 - The EDB Postgres Advanced Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PPS9-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-010100 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to access security objects occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011050 - Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011400 - The EDB Postgres Advanced Server must generate audit records when security objects are deleted. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SLES-15-030630 - The SUSE operating system file integrity tool must be configured to protect the integrity of the audit tools. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000500 - The Application event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000510 - The System event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000500 - The Application event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows 11 STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000510 - The System event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows 11 STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
