CIS MongoDB Benchmark v1.0.0 - 12-30-2016

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License. The link to the license terms can be found at

To further clarify the Creative Commons license related to CIS Benchmark content, you are authorized to copy and redistribute the content for use by you, within your organization and outside your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, (ii) a link to the license is provided. Additionally, if you remix, transform or build upon the CIS Benchmark(s), you may only distribute the modified materials if they are subject to the same license terms as the original Benchmark license and your derivative will no longer be a CIS Benchmark. Commercial use of CIS Benchmarks is subject to the prior approval of the Center for Internet Security.

Table of Contents

Overview
    Intended Audience
    Consensus Guidance
    Typographical Conventions
    Scoring Information
    Profile Definitions
    Acknowledgements
Recommendations
    1 Installation and Patching
        1.1 Ensure the appropriate MongoDB software version/patches are installed (Scored)
    2 Authentication
        2.1 Ensure that authentication is enabled for MongoDB databases (Scored)
        2.2 Ensure that MongoDB does not bypass authentication via the localhost exception (Scored)
        2.3 Ensure authentication is enabled in the sharded cluster (Scored)
        2.4 Ensure an industry standard authentication mechanism is used (Scored)
    3 Access Control
        3.1 Ensure that role-based access control is enabled and configured appropriately (Scored)
        3.2 Ensure that MongoDB only listens for network connections on authorized interfaces (Scored)
        3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account (Scored)
        3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges (Scored)
        3.5 Review User-Defined Roles (Scored)
        3.6 Review Superuser/Admin Roles (Scored)
    4 Data Encryption
        4.1 E
Document title: CIS_MongoDB_Benchmark_v100
Link: https://www.777doc.com/doc-694785.html