CIS MongoDB 4 Benchmark 1.0.0 Checklist Details
Supporting Resources:
- Download Prose - CIS MongoDB 4 Benchmark v1.0.0
- Center for Internet Security (CIS)
Target:
Target | CPE Name |
---|---|
MongoDB 4.0 | cpe:/a:mongodb:mongodb:4.0.0 |
Checklist Highlights
- Checklist Name: CIS MongoDB 4 Benchmark
- Checklist ID: 1175
- Version: 1.0.0
- Type: Compliance
- Review Status: Final
- Authority: Third Party: Center for Internet Security (CIS)
- Original Publication Date: 08/02/2021
Checklist Summary:
This document, CIS MongoDB 4.0 Benchmark, provides prescriptive guidance for establishing a secure configuration posture for MongoDB version/s 4.x. This guide was tested against MongoDB 4.4 running on Ubuntu Linux, Red Hat Linux, and Windows, but applies to other distributions as well. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write to us at feedback@cisecurity.org.
Extracting Running Configuration File
To verify the MongoDB running configuration file, connect to the MongoDB instance using a MongoDB client with a valid username/password and execute this command:
db.runCommand( { getCmdLineOpts: 1 } )
The response will contain the location of the MongoDB running configuration file. For example:
"config" : "/etc/mongod.conf",
Important Information
Automated Assessment Content is provided for Linux platforms only and is set to look for mongod.conf in the path /etc/mongod.conf.
Mongod: The primary daemon process for the MongoDB system. It handles data requests, manages data access, and performs background management operations.
Mongos: mongos is a routing service for MongoDB Sharded Clusters. mongos requires mongod config, which stores the metadata of the cluster. It is the MongoDB Shard Utility, the controller and query router for sharded clusters. Sharding partitions the data set into discrete parts.
Checklist Role:
- Database Server
Known Issues:
Not provided.
Target Audience:
This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate MongoDB.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
feedback@cisecurity.org
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
- new checklist - 2/29/24
- updated status to FINAL - 3/29/24