Detections
Analytics

DISA STIG MongoDB Enterprise Advanced 4.x v1r2 DB

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG MongoDB Enterprise Advanced 4.x v1r2 DB

Updated: 6/17/2024

Authority: DISA STIG

Plugin: MongoDB

Revision: 1.2

Estimated Item Count: 14

Audit Items

DescriptionCategories
DISA_STIG_MongoDB_Enterprise_Advanced_4.x_DB_v1r2.audit from DISA MongoDB Enterprise Advanced 4.x v1r2 STIG
MD4X-00-000700 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
MD4X-00-001100 - MongoDB must associate organization-defined types of security labels having organization-defined security label values with information in storage and transmission.
MD4X-00-001200 - MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
MD4X-00-001700 - MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
MD4X-00-002000 - MongoDB must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to MongoDB.
MD4X-00-002300 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be owned by database/DBMS principals authorized for ownership.
MD4X-00-002400 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be restricted to authorized users.
MD4X-00-003200 - MongoDB must map the PKI-authenticated identity to an associated user account.
MD4X-00-003400 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
MD4X-00-005300 - MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.
MD4X-00-005400 - MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s).
MD4X-00-006200 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives.
MD4X-00-006500 - MongoDB products must be a version supported by the vendor.