4.1 Ensure TLS or SSL protects all network communications

Information

Use TLS or SSL to protect all incoming and outgoing connections. This should include using TLS or SSL to encrypt communication between mongod and mongos components of a MongoDB client as well as between all applications and MongoDB.

Most MongoDB distributions include support for SSL or TLS.

Rationale:

This prevents sniffing of cleartext traffic between MongoDB components or performing a man-in-the-middle attack for MongoDB.

Solution

Configure MongoDB servers to require the use of SSL or TLS to encrypt all MongoDB network communications.





Default Value:

Not configured

See Also

https://workbench.cisecurity.org/files/168

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1)

Plugin: Unix

Control ID: db52d0013b4019d909a1a7330ff64bad70bc8a5759fff5bfe5b11a5912bf8fc7