DISA_MongoDB_Enterprise_Advanced_7.x_STIG_v1r1_Unix.audit from DISA MongoDB Enterprise Advanced 7.x STIG v1r1
MD7X-00-000150 MongoDB must limit the total number of concurrent connections to the database. | ACCESS CONTROL |
MD7X-00-000200 MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | ACCESS CONTROL |
MD7X-00-000400 MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
MD7X-00-002000 The audit information produced by MongoDB must be protected from unauthorized access. | AUDIT AND ACCOUNTABILITY |
MD7X-00-002300 MongoDB must protect its audit features from unauthorized access. | AUDIT AND ACCOUNTABILITY |
MD7X-00-002600 MongoDB must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to MongoDB. | CONFIGURATION MANAGEMENT |
MD7X-00-002700 MongoDB software installation account must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
MD7X-00-002800 Database software, including DBMS configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications. | CONFIGURATION MANAGEMENT |
MD7X-00-003200 Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. | CONFIGURATION MANAGEMENT |
MD7X-00-003800 If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
MD7X-00-003900 If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
MD7X-00-004100 MongoDB must enforce authorized access to all PKI private keys stored/used by MongoDB. | IDENTIFICATION AND AUTHENTICATION |
MD7X-00-004300 MongoDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | IDENTIFICATION AND AUTHENTICATION |
MD7X-00-004400 MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-004900 MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-005200 MongoDB must protect the confidentiality and integrity of all information at rest. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-005400 Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-005500 MongoDB must prevent unauthorized and unintended information transfer via shared system resources. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-005800 MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | SYSTEM AND INFORMATION INTEGRITY |
MD7X-00-006700 MongoDB must enforce discretionary access control (DAC) policies, as defined by the data owner, over defined subjects and objects. | ACCESS CONTROL |
MD7X-00-007200 MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. | AUDIT AND ACCOUNTABILITY |
MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
MD7X-00-007400 MongoDB must provide an immediate real-time alert to appropriate support staff of all audit log failures. | AUDIT AND ACCOUNTABILITY |
MD7X-00-007700 MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | CONFIGURATION MANAGEMENT |
MD7X-00-008400 MongoDB must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-008500 MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-008800 MongoDB must maintain the confidentiality and integrity of information during preparation for transmission. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-008900 MongoDB must maintain the confidentiality and integrity of information during reception. | SYSTEM AND COMMUNICATIONS PROTECTION |
MD7X-00-009100 When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed. | SYSTEM AND INFORMATION INTEGRITY |
MD7X-00-009200 Security-relevant software updates to MongoDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | SYSTEM AND INFORMATION INTEGRITY |
MD7X-00-009300 MongoDB products must be a supported version. | SYSTEM AND INFORMATION INTEGRITY |
MD7X-00-012400 MongoDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for standalone systems. | AUDIT AND ACCOUNTABILITY |
MD7X-00-012500 MongoDB must be configured in accordance with the security configuration settings based on DOD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | CONFIGURATION MANAGEMENT |