1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | SYSTEM AND SERVICES ACQUISITION |
2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
2.4 Ensure an industry standard authentication mechanism is used - authorization | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.4 Ensure an industry standard authentication mechanism is used - mode | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
3.6 Review Superuser/Admin Roles - userAdmin | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Ensure that system activity is audited | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
5.2 Ensure that audit filters are configured properly | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.9 Ensure audit tools are owned by root | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.9 Ensure audit tools are owned by root | CIS Debian 10 Server L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.10 Ensure audit tools belong to group root | CIS Debian 10 Server L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.2.4.10 Ensure audit tools belong to group root | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
6.1 Mongodb Database Running with Least Privileges | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
6.2.4.4 Ensure the audit log file directory mode is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.2.4.8 Ensure audit tools mode is configured | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
6.3.4.8 Ensure audit tools mode is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3.4.8 Ensure audit tools mode is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3.4.9 Ensure audit tools owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3.4.10 Ensure audit tools group owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.3.4.10 Ensure audit tools group owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.4 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
6.4 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
6.4.4.4 Ensure the audit log file directory mode is configured | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
UBTU-18-010305 - The Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
UBTU-18-010307 - The Ubuntu operating system must permit only authorized groups to own the audit log files. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
UBTU-24-901300 - Ubuntu 24.04 LTS must be configured so that audit log files are not read or write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |