4.4 Ensure Federal Information Processing Standard (FIPS) is enabled

Information

The Federal Information Processing Standard (FIPS) is a computer security standard used to certify software modules and libraries that encrypt and decrypt data securely. You can configure MongoDB to run with a FIPS 140-2 certified library for OpenSSL.

FIPS is a property of the encryption system and not the access control system. However, the environment requires FIPS-compliant encryption and access control. Organizations must ensure that the access control system uses only FIPS-compliant encryption.

Rationale:

FIPS is an industry standard which dictates how data should be encrypted at rest and during transmission.

Solution

When configuring FIPS mode, ensure that your certificate is FIPS compliant, then run the mongod or mongos instance in FIPS mode.
To configure your mongod or mongos instance to use FIPS mode, shut down the instance and update the configuration file with the following setting:

net:
  tls:
    FIPSMode: true

Start the mongod or mongos instance with the configuration file:

mongod --config /etc/mongod.conf
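
One way to audit the setting above, as an added example that is not part of the benchmark text: a shell check that reports whether FIPSMode is true at the correct nesting level (net.tls, or the legacy net.ssl key) in a mongod/mongos YAML file. The function names and the sample configuration files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit a mongod/mongos YAML config
# for net.tls.FIPSMode. The legacy net.ssl.FIPSMode key is also accepted.

# Print the configured FIPSMode value, or nothing if the key is absent.
fips_mode_value() {
    awk '
    {
        sub(/[ \t]*#.*$/, "")                 # drop comments
        if ($0 ~ /^[ \t]*$/) next             # skip blank lines
        rest = $0; sub(/^ +/, "", rest)
        indent = length($0) - length(rest)
        key = rest; sub(/:.*$/, "", key)
        val = rest; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        # Leave any mapping that is not shallower than this line.
        while (depth > 0 && ind[depth] >= indent) depth--
        depth++; ind[depth] = indent; name[depth] = key
        if (depth == 3 && name[1] == "net" && key == "FIPSMode" &&
            (name[2] == "tls" || name[2] == "ssl")) { print val; exit }
    }' "$1"
}

# Succeed only when FIPSMode is explicitly true under net.tls (or net.ssl).
fips_mode_configured() {
    [ "$(fips_mode_value "$1")" = "true" ]
}

# Constructed sample configs: compliant, wrong nesting, disabled, commented out.
write_samples() {
    printf 'net:\n  port: 27017\n  tls:\n    mode: requireTLS\n    FIPSMode: true   # required\n' > "$1/good.conf"
    printf 'net:\ntls:\nFIPSMode: true\n' > "$1/flat.conf"
    printf 'net:\n  tls:\n    FIPSMode: false\n' > "$1/off.conf"
    printf 'net:\n  tls:\n#    FIPSMode: true\n    mode: requireTLS\n' > "$1/commented.conf"
}

# Run with --demo to evaluate the constructed samples.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_samples "$d"
    for f in "$d"/*.conf; do
        if fips_mode_configured "$f"; then echo "PASS $f"; else echo "FAIL $f"; fi
    done
    rm -rf "$d"
fi
```

A key that is present but not nested under net and tls, set to false, or commented out is reported as a failure, the same as a missing key.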

Default Value:

Not configured

See Also

https://workbench.cisecurity.org/benchmarks/15135

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, 800-53|SC-28, CSCv7|14.4, CSCv7|14.8

Plugin: Unix

Control ID: 30cf15633bcf52a3ec4c043aa3cf8b6fbfc0f4372bd5d881fe3f1b00d27a0eda