MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

An XCCDF Rule

Details
Profiles

Description

ID: SV-265906r1028504_rule
Version: MD7X-00-000300
Severity: High
References: CCI-000213
Updated: about 2 months ago

Remediation Templates

Use the following statements to add and remove permissions on MongoDB server securables, bringing them into line with the documented requirements:

createRole(), 
updateRole(), 
dropRole(), 
grantRolesToUser()
MongoDB commands for role management can be found here:
https://www.mongodb.com/docs/v7.0/reference/method/js-role-management/

MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Description

Remediation Templates

A Manual Procedure