Documentation - V-279333

V-279333

MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

CAT I

Title

MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Description

<VulnDiscussion>Authentication with a DOD-approved PKI certificate does not necessarily imply authorization to access the DBMS. To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems, including databases, must be properly configured to implement access control policies. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedure...

Fix Text (Documentation Requirement)

Use the following statements to add and remove permissions on MongoDB server securables, bringing them in line with the documented requirements: createRole(), updateRole(), dropRole(), grantRolesToUser() MongoDB commands for role management can be found here: https://www.mongodb.com/docs/v8.0/reference/method/js-role-management/

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel