SV-96637r1_rule
V-81923
SRG-APP-000442-DB-000379
MD3X-00-000770
CAT II
10
Obtain a certificate from a valid DoD certificate authority to be used for encrypted data transmission.
Modify the MongoDB configuration file (default location: /etc/mongod.conf) with the network configuration options.
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
Set "net.ssl.mode" to "requireSSL".
Set "net.ssl.PEMKeyFile" to the full path of the certificate (.pem) file.
Start/stop (restart) all mongod or mongos instances using the MongoDB configuration file (default location: /etc/mongod.conf).
If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding.
If such a strict requirement for ensuring data integrity and confidentiality is present, inspect the MongoDB configuration file (default location: /etc/mongod.conf) for the following entries:
net:
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
If net.ssl.mode is not set to "requireSSL", this is a finding.
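The check above can be automated. The following is an added example, not part of the STIG or of MongoDB: it resolves net.ssl.mode by nesting rather than by text search, so a commented-out or misplaced "mode: requireSSL" line is still reported as a finding. The function names, the strict_requirement parameter (standing in for the data owner's requirement) and the sample configurations are assumptions; the parser handles block-style YAML mappings only, and anything it cannot read counts as missing.

```python
import re

def get_setting(conf_text, dotted_key):
    """Return the scalar at dotted_key in a block-style YAML mapping, else None."""
    want = dotted_key.split(".")
    stack = []  # (indent, key) pairs describing the current nesting path
    for raw in conf_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented-out line: never counts as a setting
        m = re.match(r"^( *)([A-Za-z0-9_]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sibling and deeper levels
        stack.append((indent, key))
        if [k for _, k in stack] == want and value:
            return value.strip("\"'")
    return None

def check_md3x_00_000770(conf_text, strict_requirement=True):
    """Apply the check text: a finding only if net.ssl.mode is not requireSSL."""
    mode = get_setting(conf_text, "net.ssl.mode")
    pem = get_setting(conf_text, "net.ssl.PEMKeyFile")
    finding = strict_requirement and mode != "requireSSL"
    return {"finding": finding, "mode": mode, "PEMKeyFile": pem}

# Constructed sample configurations (not taken from any real system).
SAMPLES = {
    "compliant": "net:\n  port: 27017\n  ssl:\n    mode: requireSSL\n"
                 "    PEMKeyFile: /etc/ssl/mongodb.pem\n",
    "weaker_mode": "net:\n  ssl:\n    mode: preferSSL\n"
                   "    PEMKeyFile: /etc/ssl/mongodb.pem\n",
    "commented_out": "net:\n  port: 27017\n#  ssl:\n#    mode: requireSSL\n",
    "wrong_parent": "net:\n  port: 27017\nssl:\n  mode: requireSSL\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_md3x_00_000770(text))
```

To audit a host, pass the contents of /etc/mongod.conf as conf_text.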
V-81923
False
MD3X-00-000770
M
3265