CUI

Documentation - V-279373

V-279373

MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

CAT II

Title

MongoDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Description

Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. System documentation should include a definition of the functionality considered privileged. Depending on circumstances, privileged functions can include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Nonprivil...

Fix Text (Documentation Requirement)

Ensure users are assigned only to authorized roles. To revoke a role from a user in a database, run the following commands:

    > use <database>
    > db.revokeRolesFromUser( "<username>", [ <roles> ], { <writeConcern> } )

Reference: https://www.mongodb.com/docs/v8.0/reference/method/db.revokeRolesFromUser/
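
The following mongosh script is an added example, not part of the STIG or of MongoDB's documentation. It compares each user's directly granted roles with a site-maintained allow-list and reports the roles that would need db.revokeRolesFromUser. The ALLOWED map, the sample users, and the APPLY switch are assumptions made for illustration.

```javascript
// Hypothetical allow-list (assumption): "<authDb>.<user>" -> authorized roles.
const ALLOWED = {
  "admin.dbadmin": [{ role: "userAdminAnyDatabase", db: "admin" }],
  "app.reporting": [{ role: "read", db: "app" }],
};

const roleKey = (r) => `${r.role}@${r.db}`;

// For each user, list directly granted roles that are not on the allow-list.
// A user missing from the allow-list has every role flagged.
function unauthorizedRoles(users, allowed) {
  const findings = [];
  for (const u of users) {
    const ok = new Set((allowed[`${u.db}.${u.user}`] || []).map(roleKey));
    const revoke = (u.roles || []).filter((r) => !ok.has(roleKey(r)));
    if (revoke.length > 0) findings.push({ user: u.user, db: u.db, revoke });
  }
  return findings;
}

// Constructed sample in the shape of the "users" array returned by usersInfo.
const SAMPLE_USERS = [
  { user: "dbadmin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "reporting", db: "app", roles: [{ role: "read", db: "app" }, { role: "dbOwner", db: "app" }] },
  { user: "legacy", db: "app", roles: [{ role: "readWrite", db: "app" }] },
];

// Runs only inside mongosh, where the global `db` exists.
if (typeof db !== "undefined") {
  const APPLY = false; // set to true to revoke instead of only reporting
  const res = db.adminCommand({ usersInfo: { forAllDBs: true } });
  for (const f of unauthorizedRoles(res.users, ALLOWED)) {
    console.log(`${f.db}.${f.user}: ${f.revoke.map(roleKey).join(", ")}`);
    if (APPLY) {
      db.getSiblingDB(f.db).revokeRolesFromUser(f.user, f.revoke, { w: "majority" });
    }
  }
}
```

The check covers only roles granted directly to a user; privileges inherited through custom roles need a separate review of the role definitions.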
