STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 24 Jul 2020

MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

DISA Rule

SV-96593r1_rule

Vulnerability Number

V-81879

Group Title

SRG-APP-000224-DB-000384

Rule Version

MD3X-00-000410

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Follow the documentation guide at https://docs.mongodb.com/v3.4/tutorial/configure-ssl/.

Stop/start (restart) mongod or mongos using the MongoDB configuration file.

Check Contents

Check the MongoDB configuration file (default location: /etc/mongod.conf).

The following should be set:

net:
  ssl:
    mode: requireSSL

If this is not found in the MongoDB configuration file, this is a finding.
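One way to automate the check above, as an added example that is not part of the STIG or of MongoDB's tooling: it resolves `net.ssl.mode` by nesting, so a commented-out line or a `mode: requireSSL` under the wrong parent (both of which a plain text search would accept) is still reported as a finding. The function names and the sample configurations are constructed for illustration, and the parser assumes simple space-indented block YAML.

```python
import re
import sys

def yaml_lookup(text, dotted_key):
    """Return the scalar stored at dotted_key (e.g. "net.ssl.mode"), or None.

    Assumption: the file uses plain block-style YAML mappings indented with
    spaces, as in the STIG excerpt (no flow style, anchors or tabs).
    """
    want = dotted_key.split(".")
    stack = []  # (indent, key) pairs describing the current nesting path
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        m = re.match(r"^( *)([A-Za-z0-9_]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a nested block: unwind to the parent
        stack.append((indent, key))
        if [k for _, k in stack] == want and value:
            return value.strip("'\"")
    return None

def is_finding(conf_text):
    """True when the STIG check fails: net.ssl.mode is not requireSSL."""
    return yaml_lookup(conf_text, "net.ssl.mode") != "requireSSL"

# Constructed sample configurations (not taken from any real system).
COMPLIANT = """net:
  port: 27017
  ssl:
    mode: requireSSL
"""
COMMENTED_OUT = """net:
  ssl:
    # mode: requireSSL
    mode: preferSSL
"""
WRONG_PARENT = """ssl:
  mode: requireSSL
net:
  port: 27017
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/mongod.conf"
    with open(path) as fh:
        sys.exit(1 if is_finding(fh.read()) else 0)
```

Run as a script, it exits non-zero when the configuration file is a finding, which makes it usable in a compliance job.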

Documentable

False

Severity Override Guidance

Check the MongoDB configuration file (default location: /etc/mongod.conf).

The following should be set:

net:
  ssl:
    mode: requireSSL

If this is not found in the MongoDB configuration file, this is a finding.

Check Content Reference

M

Target Key

3265
