SV-96635r1_rule
V-81921
SRG-APP-000441-DB-000378
MD3X-00-000760
CAT II
10
Stop the MongoDB instance if it is running. Obtain a certificate from a valid DoD certificate authority to be used for encrypted data transmission. Modify the MongoDB configuration file with SSL configuration options such as:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
Set "net.ssl.mode" to "requireSSL".
Set "net.ssl.PEMKeyFile" to the full path of the certificate (.pem) file.
Start/stop (restart) all mongod or mongos instances using the MongoDB configuration file (default location: /etc/mongod.conf).
Review the system information/specification for information indicating a strict requirement for data integrity and confidentiality when data is being prepared to be transmitted.
If such information is absent therein, this is not a finding.
If such information is present, inspect the MongoDB configuration file (default location: /etc/mongod.conf) for the following entries:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
If net.ssl.mode is not set to "requireSSL", this is a finding.
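The configuration check above can be scripted. The following is an added example, not part of the STIG content: the function names and sample configurations are constructed for illustration, and the parser assumes a block-style mongod.conf with nested mappings only (no lists or anchors).

```python
import re
import sys

# Constructed sample configurations (not taken from a real system).
COMPLIANT = """\
net:
  port: 27017
  ssl:
    mode: requireSSL   # TLS required on every connection
    PEMKeyFile: /etc/ssl/mongodb.pem
"""
WEAK = COMPLIANT.replace("requireSSL", "preferSSL")  # still accepts plaintext

def flatten(text):
    """Flatten nested block-style YAML mappings into dotted keys."""
    settings, stack = {}, []  # stack: (indent, key) of currently open parents
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close deeper/sibling parents
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            settings[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return settings

def check(text):
    """Return result lines; only a FINDING line fails the check text."""
    cfg, results = flatten(text), []
    mode = cfg.get("net.ssl.mode")
    if mode != "requireSSL":
        results.append(f"FINDING: net.ssl.mode is {mode!r}, not 'requireSSL'")
    if "net.ssl.PEMKeyFile" not in cfg:
        # Required by the fix text, but not a finding condition on its own.
        results.append("NOTE: net.ssl.PEMKeyFile is not set")
    return results

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/mongod.conf"
    with open(path) as fh:
        results = check(fh.read())
    print("\n".join(results) or "net.ssl.mode is requireSSL: not a finding")
    sys.exit(1 if any(r.startswith("FINDING") for r in results) else 0)
```

A mode such as preferSSL or allowSSL is reported as a finding because the server would still accept unencrypted connections.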
False
M
3265