1.1 Ensure the appropriate MongoDB software version/patches are installed

Information

The MongoDB installation version, along with the patch level, should be the most recent that is compatible with the organization's operational needs. In addition, regularly view latest minor security patch updates for security vulnerability fixes (CVE Related) from MongoDB website: https://www.mongodb.com/alerts

Rationale:

Using the most recent MongoDB software version along with all applicable patches, helps limit the possibilities for vulnerabilities in the software. The installation version and/or patches applied should be selected according to the needs of the organization. At a minimum, the software version should be supported.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Upgrade to the latest version of the MongoDB software:

Backup the data set.

Download the binaries for the latest MongoDB revision from the MongoDB Download Page and store the binaries in a temporary location. The binaries download as compressed files that extract to the directory structure used by the MongoDB installation.

Shutdown the MongoDB instance.

Replace the existing MongoDB binaries with the downloaded binaries.

Restart the MongoDB instance.

Default Value:

Patches are not installed by default.

See Also

https://workbench.cisecurity.org/files/3463

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5), CSCv7|2.2

Plugin: MongoDB

Control ID: c67ab184c0dafae8a674dcbafd05312d77cc3bfb940b0648d116bf590c5335ad