STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 24 Jul 2020

MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.

DISA Rule

SV-96633r1_rule

Vulnerability Number

V-81919

Group Title

SRG-APP-000428-DB-000386

Rule Version

MD3X-00-000740

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure MongoDB to use the Encrypted Storage Engine and a KMIP appliance as documented here:

https://docs.mongodb.com/v3.4/core/security-encryption-at-rest/
https://docs.mongodb.com/v3.4/tutorial/configure-encryption/

Check Contents

Review the documentation and/or specification for the organization-defined information.

If any data is PII, classified, or deemed by the organization to require encryption at rest, this is a finding.

Verify that the mongod command line contains the following options:

--enableEncryption
--kmipServerName <KMIP Server HostName>
--kmipPort <KMIP server port>
--kmipServerCAFile ca.pem
--kmipClientCertificateFile client.pem

If the above options are not part of the mongod command line, this is a finding.

The values shown in <> above, and the options starting with kmip, are specific to the KMIP appliance and must be set according to the KMIP appliance configuration.
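As an added example (not part of the STIG text or of STIGQter), the following POSIX shell check applies the option list above to a mongod command line and reports each missing option as a finding. The sample command lines, hostname and file paths are constructed; the `--option=value` spelling is accepted as an assumption about mongod's argument parsing.

```shell
#!/bin/sh
# Options required by MD3X-00-000740 (values are site-specific, only presence is checked).
REQUIRED_OPTS="--enableEncryption --kmipServerName --kmipPort --kmipServerCAFile --kmipClientCertificateFile"

# check_mongod_encryption_opts "<mongod command line>"
# Prints every required option that is absent; returns 0 if all are present,
# 1 (a finding) otherwise.
check_mongod_encryption_opts() {
    cmdline=$1
    missing=0
    for opt in $REQUIRED_OPTS; do
        # Match the option as a whole token, followed by whitespace, '=' or end of line,
        # so that e.g. --kmipPortX is not mistaken for --kmipPort.
        if ! printf '%s\n' "$cmdline" | grep -Eq -- "(^|[[:space:]])$opt([[:space:]=]|\$)"; then
            echo "missing: $opt"
            missing=1
        fi
    done
    return $missing
}

# Linux-only convenience wrapper: evaluate every running mongod process.
check_running_mongod() {
    ps -o args= -C mongod | while IFS= read -r line; do
        if check_mongod_encryption_opts "$line"; then
            echo "compliant: $line"
        else
            echo "finding (MD3X-00-000740): $line"
        fi
    done
}

# Constructed sample (not from a real system): encryption is on but no KMIP appliance is configured,
# so the storage engine cannot be using an externally managed key as the STIG requires.
SAMPLE="mongod --dbpath /var/lib/mongo --enableEncryption --kmipServerName kmip.example.internal"
if check_mongod_encryption_opts "$SAMPLE"; then
    echo "compliant"
else
    echo "finding: MD3X-00-000740"
fi
```

Note that mongod reads the same settings from its YAML configuration file (security.enableEncryption and the security.kmip.* keys), in which case the process arguments alone will show only the --config path; check that file as well before recording a finding.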

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3265

Comments