STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020:

MongoDB must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.

DISA Rule

SV-96615r1_rule

Vulnerability Number

V-81901

Group Title

SRG-APP-000353-DB-000324

Rule Version

MD3X-00-000590

Severity

CAT II

CCI(s)

• CCI-001914 - The information system provides the capability for organization-defined individuals or roles to change the auditing to be performed on organization-defined information system components based on organization-defined selectable event criteria within organization-defined time thresholds.

Weight

10

Fix Recommendation

Use the rolling maintenance procedure.

For each member of a replica set, starting with a secondary member, perform the following sequence of events, ending with the primary:

1. Restart the mongod instance as a standalone.
2. Perform the configure auditing task on the standalone instance.
3. Restart the mongod instance as a member of the replica set.

Check Contents

The MongoDB auditing facility allows authorized administrators and users track system activity. Once auditing is configured and enabled, changes to the audit events and filters require restarting the mongod (and mongos, if applicable) instances. This can be done with zero down time by performing the modifications using a rolling maintenance approach (i.e., change the parameters on the secondaries, step down the primary such that one of the reconfigured secondaries becomes the primary then reconfigure the old primary).

If replica sets or the rolling maintenance approach is not used for the procedure by the application owner, this is a finding.

Vulnerability Number

V-81901

Documentable

False

Rule Version

MD3X-00-000590

Severity Override Guidance

The MongoDB auditing facility allows authorized administrators and users track system activity. Once auditing is configured and enabled, changes to the audit events and filters require restarting the mongod (and mongos, if applicable) instances. This can be done with zero down time by performing the modifications using a rolling maintenance approach (i.e., change the parameters on the secondaries, step down the primary such that one of the reconfigured secondaries becomes the primary then reconfigure the old primary).

If replica sets or the rolling maintenance approach is not used for the procedure by the application owner, this is a finding.

Check Content Reference

M

Target Key

3265

Comments