Home
Security Hardening
DISA STIG MongoDB Enterprise Advanced 3.x V1R2

DISA STIG MongoDB Enterprise Advanced 3.x V1R2

MD3X-00-000410 – MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
Details One class of man-in-the-middle, or session hijacking, attack involves the adversary guessing at valid session identifiers based on patterns...
MD3X-00-000290 – Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled – JSONPEnabled
Details Information systems are capable of providing a wide variety of functions and services. Some of the functions and services,...
MD3X-00-000420 – MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Details Failure to a known state can address safety or security in accordance with the mission/business needs of the organization....
MD3X-00-000290 – Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled – RESTInterfaceEnabled
Details Information systems are capable of providing a wide variety of functions and services. Some of the functions and services,...
MD3X-00-000310 – MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
Details To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and...
MD3X-00-000310 – MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
Details To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and...
MD3X-00-000320 – If DBMS authentication, using passwords, is employed, MongoDB must enforce the DoD standards for password complexity and lifetime.
Details OS/enterprise authentication and identification must be used (SQL2-00-023600). Native DBMS authentication may be used only when circumstances make it...
MD3X-00-000490 – MongoDB must check the validity of all data inputs except those specifically identified by the organization.
Details Invalid user input occurs when a user inserts data or characters into an application’s data entry fields and the...
MD3X-00-000500 – MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.
Details With respect to database management systems, one class of threat is known as SQL Injection, or more generally, code...
MD3X-00-000520 – MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Details Any DBMS or associated application providing too much information in error messages on the screen or printout risks compromising...

Prev Next

DISA STIG MongoDB Enterprise Advanced 3.x V1R2

MD3X-00-000410 – MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

MD3X-00-000290 – Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled – JSONPEnabled

MD3X-00-000420 – MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

MD3X-00-000290 – Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled – RESTInterfaceEnabled

MD3X-00-000310 – MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

MD3X-00-000310 – MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

MD3X-00-000320 – If DBMS authentication, using passwords, is employed, MongoDB must enforce the DoD standards for password complexity and lifetime.

MD3X-00-000490 – MongoDB must check the validity of all data inputs except those specifically identified by the organization.

MD3X-00-000500 – MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it.

MD3X-00-000520 – MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.