Skip to content
Log In

MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

    Applications, including DBMSs, must prevent unauthorized and unintended information transfer via shared system resources. Data used for the development and testing of applications often involves c...
    Rule Medium Severity
    Show

  • SRG-APP-000243-DB-000373

    Group
    Show

  • SRG-APP-000177-DB-000069

    Group
    Show

  • MongoDB must map the PKI-authenticated identity to an associated user account.

    The DOD standard for authentication is DOD-approved PKI certificates. Once a PKI certificate has been validated, it must be mapped to a DBMS user account for the authenticated identity to be meanin...
    Rule Medium Severity
    Show

  • SRG-APP-000178-DB-000083

    Group
    Show

  • SRG-APP-000179-DB-000114

    Group
    Show

  • MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.

    Use of weak or not validated cryptographic algorithms undermines the purposes of using encryption and digital signatures to protect data. Weak algorithms can be easily broken and not validated cryp...
    Rule High Severity
    Show

  • SRG-APP-000180-DB-000115

    Group
    Show

  • SRG-APP-000211-DB-000122

    Group
    Show

  • MongoDB must separate user functionality (including user interface services) from database management functionality.

    Information system management functionality includes functions necessary to administer databases, network components, workstations, or servers and typically requires privileged user access. The se...
    Rule Medium Severity
    Show

  • SRG-APP-000224-DB-000384

    Group
    Show

  • MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

    One class of man-in-the-middle, or session hijacking, attack involves the adversary guessing at valid session identifiers based on patterns in identifiers already known. The preferred technique fo...
    Rule Medium Severity
    Show

  • SRG-APP-000231-DB-000154

    Group
    Show

  • MongoDB must protect the confidentiality and integrity of all information at rest.

    This control is intended to address the confidentiality and integrity of information at rest in nonmobile devices and covers user information and system information. Information at rest refers to t...
    Rule High Severity
    Show

  • SRG-APP-000243-DB-000128

    Group
    Show

  • SRG-APP-000251-DB-000160

    Group
    Show

  • MongoDB must check the validity of all data inputs except those specifically identified by the organization.

    Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated applic...
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000391

    Group
    Show

  • MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.

    With respect to database management systems, one class of threat is known as SQL Injection, or more generally, code injection. It takes advantage of the dynamic execution capabilities of various pr...
    Rule Medium Severity
    Show

  • SRG-APP-000266-DB-000162

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules