MD4X-00-001700 - MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Information

MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Use
createRole(),
updateRole(),
dropRole(),
grantRole() statements
to add and remove permissions on MongoDB serverl securables, bringing them into line with the documented requirements.

MongoDB commands for role management can be found here:
https://docs.mongodb.com/v4.4/reference/method/js-role-management/

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_4-x_V1R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|I, CCI|CCI-000213, Rule-ID|SV-252150r960792_rule, STIG-ID|MD4X-00-001700, Vuln-ID|V-252150

Plugin: MongoDB

Control ID: bdc3605d1b7ffc843a7c577ec1dea846e81c6211bc0caef94b7504d190263bba