Skip to main content
CUI

STIG Rule - V-265905

Back to STIG Browser

V-265905

SV-265905r1028704_rule

CAT I

MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

From: MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide (V1R1)

Description

<VulnDiscussion>MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check Procedure

Verify that the MongoDB configuration file (default location: /etc/mongod.conf) contains the following: security: authorization: "enabled" If this parameter is not present, this is a finding. If using organization-mandated authorization: Verify that the MongoDB configuration file (default location: /etc/mongod.conf) contains the following to ensure LDAP auth is enabled as well: security: ldap: servers: [list of ldap servers] If this parameter is not present, this is a finding. Refer to Security LDAP configuration documentation for additional details: https://www.mongodb.com/docs/v7.0/core/security-ldap-external/#configuration

Fix Text

Edit the MongoDB configuration file (default location: /etc/mongod.conf) to include the following: security: authorization: "enabled" This will enable SCRAM-SHA-256 authentication (default). Instruction on configuring the default authentication is provided here: https://www.mongodb.com/docs/v7.0/tutorial/enable-authentication/ The high-level steps described by the above will require the following: 1. Start MongoDB without access control. 2. Connect to the instance. 3. Create the user administrator. 4. Restart the MongoDB instance with access control. 5. Connect and authenticate as the user administrator. 6. Create additional users as needed for the deployment. Configuration information for LDAP for MongoDB can be found here: https://www.mongodb.com/docs/v7.0/core/security-ldap-external/ https://www.mongodb.com/docs/v7.0/core/security-ldap-external/#configuration

CCI Reference

CCI-000015
Created
2026-04-07 20:08:27
Last Updated
2026-04-07 20:08:27
Back to Browse
CUI