) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
MongoDB 8.x STIG Ver 1, Rel 1 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - MongoDB Enterprise Advanced 8.x STIG - Ver 1, Rel
- Defense Information Systems Agency
Target:
| Target | CPE Name |
|---|---|
| Mongodb Mongodb 8.0.0 | cpe:/a:mongodb:mongodb:8.0.0::~~-~~~ (View CVEs) |
Checklist Highlights
- Checklist Name:
- MongoDB 8.x STIG
- Checklist ID:
- 1323
- Version:
- Ver 1, Rel 1
- Type:
- Compliance
- Review Status:
- Candidate
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 03/03/2026
Checklist Summary:
The MongoDB Enterprise Advanced (EA) 8.x Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DOD) information systems. This document is meant to be used in conjunction with the Red Hat Enterprise Linux (OS) STIG, Network STIGs, and other STIGs as applicable to the database host environment. It is based on the Database Security Requirements Guide (SRG), which in turn derives its cybersecurity controls from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5.MongoDB EA is the commercial self-managed edition of MongoDBs scalable, general-purpose document database and is compatible with various platforms, including physical, virtual, and containerized environments. The database stores data in flexible JSON-like documents, allowing for dynamic fields that can vary from document to document. MongoDB EA is designed for scalability and high performance, making it ideal for handling large volumes of data with its distributed, horizontal scale-out architecture. MongoDB EA includes advanced security features, such as authentication, access control, and encryption, to protect sensitive data.This STIG requires that the product is deployed on a FIPS-compliant, cryptography-enabled operating system found in the Cryptographic Module Validation Program, or by other means to ensure that FIPS 140-2/140-3-certified OpenSSL libraries are used by the database management system.
Checklist Role:
- Database Server
Known Issues:
Not provided.
Target Audience:
Parties within the DOD and federal governments computing environments can obtain the applicable STIG from the DOD Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DOD Certificates can obtain the STIG from https://public.cyber.mil/.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
This STIG requires that the product is deployed on a FIPS-compliant, cryptography-enabled operating system found in the Cryptographic Module Validation Program, or by other means to ensure that FIPS 140-2/140-3-certified OpenSSL libraries are used by the database management system.
Product Support:
Not provided.
Point of Contact:
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|
NIST checklist record last modified on 03/03/2026
* This checklist is still undergoing review for inclusion into the NCP.