| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.4 Database Audit L1 v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Ensure an industry standard authentication mechanism is used - authorization | CIS MongoDB 3.4 L2 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Ensure an industry standard authentication mechanism is used - authorization | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 3.2 Database Audit L1 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 3.6 Database Audit L2 v1.1.0 | MongoDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - readWriteAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | ACCESS CONTROL |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.10 Ensure the Guest Home Folder Does Not Exist | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 3.4 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| O112-C2-003500 - The DBMS must restrict grants to sensitive information to authorized user roles. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | ACCESS CONTROL |
| OL08-00-030090 - OL 8 audit logs must be group-owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030100 - The OL 8 audit log directory must be owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030110 - The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PPS9-00-001000 - The EDB Postgres Advanced Server must provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-010800 - The EDB Postgres Advanced Server must generate audit records when security objects are modified. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-010900 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to modify security objects occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011000 - Audit records must be generated when categorized information (e.g., classification levels/security levels) is created. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011900 - The EDB Postgres Advanced Server must generate audit records when unsuccessful logons or connection attempts occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-012000 - The EDB Postgres Advanced Server must generate audit records for all privileged activities or other system-level access. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010123 - The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010124 - The Ubuntu operating system must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
