Skip to content
Log In

MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB.

    Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a del...
    Rule Medium Severity
    Show

  • SRG-APP-000357-DB-000316

    Group
    Show

  • SRG-APP-000359-DB-000319

    Group
    Show

  • MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.

    Organizations are required to use a central log management system; so, under normal conditions, the audit space allocated to MongoDB on its own server will not be an issue. However, space will stil...
    Rule Medium Severity
    Show

  • SRG-APP-000378-DB-000365

    Group
    Show

  • SRG-APP-000380-DB-000360

    Group
    Show

  • MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s).

    Failure to provide logical access restrictions associated with changes to configuration may have significant effects on the overall security of the system. When dealing with access restrictions pe...
    Rule Medium Severity
    Show

  • SRG-APP-000389-DB-000372

    Group
    Show

  • SRG-APP-000400-DB-000367

    Group
    Show

  • MongoDB must prohibit the use of cached authenticators after an organization-defined time period.

    If cached authentication information is out-of-date, the validity of the authentication information may be questionable.
    Rule Medium Severity
    Show

  • SRG-APP-000427-DB-000385

    Group
    Show

  • SRG-APP-000441-DB-000378

    Group
    Show

  • MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.

    Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...
    Rule Medium Severity
    Show

  • SRG-APP-000442-DB-000379

    Group
    Show

  • MongoDB must maintain the confidentiality and integrity of information during reception.

    Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protocol transformation points, and during packing/un...
    Rule Medium Severity
    Show

  • SRG-APP-000447-DB-000393

    Group
    Show

  • SRG-APP-000454-DB-000389

    Group
    Show

  • When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed.

    Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove o...
    Rule Medium Severity
    Show

  • SRG-APP-000456-DB-000390

    Group
    Show

  • Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

    Security flaws with software applications, including database management systems, are discovered daily. Vendors are constantly updating and patching their products to address newly discovered secur...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules