STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020

MongoDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.

DISA Rule

SV-96631r1_rule

Vulnerability Number

V-81917

Group Title

SRG-APP-000427-DB-000385

Rule Version

MD3X-00-000730

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove any certificate that was not issued by an approved DoD certificate authority. Contact the organization's certificate issuer and request a new certificate that is issued by a valid DoD certificate authority.

Check Contents

To run MongoDB in SSL mode, you have to obtain a valid certificate signed by a single certificate authority.

Before starting the MongoDB database in SSL mode, verify that the certificate used is issued by a valid DoD certificate authority (openssl x509 -in <path_to_certificate_pem_file> -text | grep -i "issuer").

If there is any issuer present in the certificate that is not a DoD-approved certificate authority, this is a finding.
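The check above, carried out for every certificate in the PEM file rather than only the first one that `openssl x509 -in` reads, as an added example that is not part of the STIG text. The allow-list file, its one-DN-per-line format, the script name and the function names are assumptions, and the DN shown in the comment is constructed.

```shell
#!/bin/sh
# Added example: report the issuer of every certificate in a PEM file and flag
# any issuer that is not on a site-maintained allow-list.
# Allow-list format (assumption): one RFC 2253 issuer DN per line, for example
# the constructed entry  CN=EXAMPLE CA-1,OU=PKI,OU=DoD,O=U.S. Government,C=US

# split_certs PEM_FILE OUT_DIR: write each CERTIFICATE block to OUT_DIR/cert-N.pem
# (private keys and other blocks are skipped) and print how many were found.
split_certs() {
  awk -v dir="$2" '
    /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
    inside                         { print > out }
    /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                            { print n + 0 }
  ' "$1"
}

# issuer_approved ISSUER_DN ALLOW_FILE: succeed only on an exact whole-line match.
# An empty DN (openssl could not parse the block) never matches.
issuer_approved() {
  [ -n "$1" ] && grep -Fxq -- "$1" "$2"
}

# check_pem_file PEM_FILE ALLOW_FILE: 0 = all issuers approved, 1 = finding,
# 2 = nothing to check.
check_pem_file() {
  tmp=$(mktemp -d) || return 2
  count=$(split_certs "$1" "$tmp")
  rc=0
  [ "$count" -gt 0 ] || { echo "no certificates found in $1" >&2; rc=2; }
  i=1
  while [ "$i" -le "$count" ]; do
    issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer -nameopt RFC2253 \
               | sed 's/^issuer= *//')
    if issuer_approved "$issuer" "$2"; then
      echo "OK      cert $i: $issuer"
    else
      echo "FINDING cert $i: $issuer"; rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  return "$rc"
}

# Usage: sh check_issuers.sh <path_to_certificate_pem_file> <allow_list_file>
if [ "$#" -eq 2 ]; then check_pem_file "$1" "$2"; fi
```

An issuer DN is only a name, so follow a clean result with `openssl verify -CAfile <approved_ca_bundle_pem> <path_to_certificate_pem_file>` to confirm that the signature actually chains to an approved CA.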

Documentable

False

Severity Override Guidance

To run MongoDB in SSL mode, you have to obtain a valid certificate signed by a single certificate authority.

Before starting the MongoDB database in SSL mode, verify that the certificate used is issued by a valid DoD certificate authority (openssl x509 -in <path_to_certificate_pem_file> -text | grep -i "issuer").

If there is any issuer present in the certificate that is not a DoD-approved certificate authority, this is a finding.

Check Content Reference

M

Target Key

3265

Comments