MD3X-00-000020 – MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Details

MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Use createRole(), updateRole(), dropRole(), grantRole() statements to add and remove permissions on server-level securables, bringing them into line with the documented requirements.

MongoDB commands for role management can be found here:
https://docs.mongodb.com/v3.4/reference/method/js-role-management/

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_3-x_V1R2_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system MongoDB.

References

800-53|AC-3
CAT|II
CCI|CCI-000213
Rule-ID|SV-96559r1_rule
STIG-ID|MD3X-00-000020
Vuln-ID|V-81845

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles