1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | SYSTEM AND SERVICES ACQUISITION |
2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.4 Ensure an industry standard authentication mechanism is used - authorization | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.4 Ensure an industry standard authentication mechanism is used - mode | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - userAdmin | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Ensure that system activity is audited | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2 Ensure that audit filters are configured properly | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.1 MongoDB Database Running with Least Privileges | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
6.1 MongoDB Database Running with Least Privileges | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
6.2.4.4 Ensure the audit log file directory mode is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.2.4.4 Ensure the audit log file directory mode is configured | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
6.3.4.1 Ensure the audit log file directory mode is configured | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3.4.1 Ensure the audit log file directory mode is configured | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.4 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
6.4.4.4 Ensure the audit log file directory mode is configured | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
7.1 Ensure that key file permissions are set correctly | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
Configuring CIDR Network Addresses for the BIG-IP packet filter - Filter established connections | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
PPS9-00-001200 - The EDB Postgres Advanced Server must generate audit records when privileges/permissions are retrieved. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-001800 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish where the events occurred. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-002100 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-002200 - The EDB Postgres Advanced Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-003700 - Default, demonstration and sample databases, database objects, and applications must be removed. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
PPS9-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
PPS9-00-006500 - The EDB Postgres Advanced Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
PPS9-00-007100 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
PPS9-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
PPS9-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-010000 - The EDB Postgres Advanced Server must generate audit records when security objects are accessed. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-010200 - The DBMS must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-010500 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to add privileges/permissions occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-011300 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-012100 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-012200 - The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s) - s. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-012400 - The EDB Postgres Advanced Server must be able to generate audit records when successful accesses to objects occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-012500 - The EDB Postgres Advanced Server must generate audit records when unsuccessful accesses to objects occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
PPS9-00-012600 - The EDB Postgres Advanced Server must generate audit records for all direct access to the database(s). | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |