Skip to content
Log In

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000172-DB-000075

    Group
    Show

  • If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords.

    The DoD standard for authentication is DoD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate, and require...
    Rule High Severity
    Show

  • SRG-APP-000211-DB-000122

    Group
    Show

  • MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Non-organizational users include all information system users other than organizational users, which include organizational employees or individuals the organization deems to have equivalent status...
    Rule Medium Severity
    Show

  • SRG-APP-000225-DB-000153

    Group
    Show

  • MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

    Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, ...
    Rule Medium Severity
    Show

  • SRG-APP-000243-DB-000373

    Group
    Show

  • MongoDB must prevent unauthorized and unintended information transfer via shared system resources.

    The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf...
    Rule Medium Severity
    Show

  • SRG-APP-000251-DB-000391

    Group
    Show

  • MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.

    With respect to database management systems, one class of threat is known as SQL Injection, or more generally, code injection. It takes advantage of the dynamic execution capabilities of various pr...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules