MD3X-00-000530 – MongoDB must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. Details: If MongoDB provides too much information in error logs and administrative messages to the screen, this could lead to...
MD3X-00-000540 – MongoDB must associate organization-defined types of security labels having organization-defined security label values with information in storage. Details: Without the association of security labels to information, there is no basis for MongoDB to make security-related access-control decisions....
MD3X-00-000570 – MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. Details: Discretionary Access Control (DAC) is based on the notion that individual users are ‘owners’ of objects and therefore have...
MD3X-00-000590 – MongoDB must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. Details: If authorized individuals do not have the ability to modify auditing parameters in response to a changing threat environment,...
MD3X-00-000600 – MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. Details: Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious...
MD3X-00-000620 – MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. Details: In order to ensure sufficient storage capacity for the audit logs, MongoDB must be able to allocate audit record...
MD3X-00-000630 – MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. Details: Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to...
MD3X-00-000650 – MongoDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. Details: Allowing regular users to install software, without explicit privileges, creates the risk that untested or potentially malicious software will...
MD3X-00-000670 – MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s). Details: Failure to provide logical access restrictions associated with changes to configuration may have significant effects on the overall security...
MD3X-00-000440 – MongoDB must protect the confidentiality and integrity of all information at rest. Details: This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers...