DISA MongoDB Enterprise Advanced 7.x STIG v1r1

Audit Details

Name: DISA MongoDB Enterprise Advanced 7.x STIG v1r1

Updated: 12/9/2024

Authority: DISA STIG

Plugin: MongoDB

Revision: 1.0

Estimated Item Count: 18

File Details

Filename: DISA_MongoDB_Enterprise_Advanced_7.x_STIG_v1r1_MongoDB.audit

Size: 52.3 kB

MD5: 9f506836af466915eec1ba3d560164b3
SHA256: 4fbf0046cfcef21fb10431a6858069d437f8432a46e1206499b681a40274ddab

Audit Items

Description

Categories

MD7X-00-000300 MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

ACCESS CONTROL

MD7X-00-002900 Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be owned by database/DBMS principals authorized for ownership.

CONFIGURATION MANAGEMENT

MD7X-00-003000 The role(s)/group(s) used to modify database structure (including but not limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

MD7X-00-003600 MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

IDENTIFICATION AND AUTHENTICATION

MD7X-00-004200 MongoDB must map the PKI-authenticated identity to an associated user account.

IDENTIFICATION AND AUTHENTICATION

MD7X-00-004500 MongoDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

IDENTIFICATION AND AUTHENTICATION

MD7X-00-004600 MongoDB must separate user functionality (including user interface services) from database management functionality.

SYSTEM AND COMMUNICATIONS PROTECTION

MD7X-00-005700 MongoDB must check the validity of all data inputs except those specifically identified by the organization.

SYSTEM AND INFORMATION INTEGRITY

MD7X-00-006000 MongoDB must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

SYSTEM AND INFORMATION INTEGRITY

MD7X-00-006100 MongoDB must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA).

SYSTEM AND INFORMATION INTEGRITY

MD7X-00-006200 The DBMS must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

ACCESS CONTROL

MD7X-00-006400 MongoDB must associate organization-defined types of security labels having organization-defined security label values with information in storage.

ACCESS CONTROL

MD7X-00-006800 MongoDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

ACCESS CONTROL

MD7X-00-007700 MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.

CONFIGURATION MANAGEMENT

MD7X-00-007800 MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s).

CONFIGURATION MANAGEMENT

MD7X-00-008000 The DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

CONFIGURATION MANAGEMENT

MD7X-00-008300 MongoDB must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements.

SYSTEM AND COMMUNICATIONS PROTECTION

MD7X-00-009000 When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives.

SYSTEM AND INFORMATION INTEGRITY