DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB

Audit Details

Name: DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB

Updated: 8/26/2024

Authority: DISA STIG

Plugin: MongoDB

Revision: 1.0

Estimated Item Count: 12

File Details

Filename: DISA_STIG_MongoDB_Enterprise_Advanced_3.x_DB_v2r3.audit

Size: 31.6 kB

MD5: d1bb7d7c74283708b241d0fd524457a0
SHA256: d00780bc2fda459a83de6db184e440b7ccfc5a2455a12c2988cfba8e95a8cb3d

Audit Items

DescriptionCategories
DISA_STIG_MongoDB_Enterprise_Advanced_3.x_DB_v2r3.audit from DISA MongoDB Enterprise Advanced 3.x v2r3 STIG
MD3X-00-000020 - MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

ACCESS CONTROL

MD3X-00-000270 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

MD3X-00-000310 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

IDENTIFICATION AND AUTHENTICATION

MD3X-00-000370 - MongoDB must map the PKI-authenticated identity to an associated user account.

IDENTIFICATION AND AUTHENTICATION

MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

MD3X-00-000540 - MongoDB must associate organization-defined types of security labels having organization-defined security label values with information in storage.

ACCESS CONTROL

MD3X-00-000570 - MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.

ACCESS CONTROL

MD3X-00-000650 - MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.

CONFIGURATION MANAGEMENT

MD3X-00-000670 - MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s).

CONFIGURATION MANAGEMENT

MD3X-00-000780 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives.

SYSTEM AND INFORMATION INTEGRITY

MD3X-00-001200 - MongoDB products must be a version supported by the vendor.

SYSTEM AND SERVICES ACQUISITION