CIS MongoDB 7 Benchmark 1.0.0 Checklist Details

Supporting Resources:

Target:

Target CPE Name
MongoDB 7.0.0 cpe:/a:mongodb:mongodb:7.0.0

Checklist Highlights

Checklist Name:
CIS MongoDB 7 Benchmark
Checklist ID:
1181
Version:
1.0.0
Type:
Compliance
Review Status:
Final
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
11/16/2023

Checklist Summary:

This document, CIS MongoDB 7.0 Benchmark, provides prescriptive guidance for establishing a secure configuration posture for MongoDB version/s 7.x. This guide was tested against MongoDB 7.0.0 running on Ubuntu Linux, Linux Red Hat, and Windows but applies to other distributions as well. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write to us at feedback@cisecurity.org.

Extracting Running Configuration File

To verify the MongoDB running configuration file, connect to the MongoDB instance using a MongoDB client with a valid username/password and execute this command:

    db.runCommand( { getCmdLineOpts: 1 } )

The response will contain the location of the MongoDB running configuration file. For example:

    "config" : "/etc/mongod.conf",

MongoDB Configuration File Location

For Windows: "\bin\mongod.cfg"
For macOS: "/usr/local/etc/mongod.conf" (Intel processors) and "/opt/homebrew/etc/mongod.conf" (Apple M1 processors)
For Linux: "/etc/mongod.conf"

Important Information

Automated Assessment Content is provided for Linux platforms only and is set to look for mongod.conf in path /etc/mongod.conf.

Mongod: The primary daemon process for the MongoDB system. It handles data requests, manages data access, and performs background management operations.

Mongos: mongos is a routing service for MongoDB Sharded Clusters. mongos requires mongod config, which stores the metadata of the cluster. MongoDB Shard Utility, the controller and query router for sharded clusters. Sharding partitions the data-set into discrete parts.

Checklist Role:

  • Database Server

Known Issues:

Not provided.

Target Audience:

This document is intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate MongoDB.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

new checklist - 2/29/24
Candidate to Final - 4/15/2024

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 04/15/2024