From MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
Part of SRG-APP-000231-DB-000154
Associated with: CCI-001199
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive) within an organizational information system. Applications and application users generate information throughout the course of their application use.
If the MongoDB Encrypted Storage Engines is being used, ensure that the "security.enableEncryption" option is set to "true" in the MongoDB configuration file (default location: /etc/mongod.conf) or that MongoDB was started with the "--enableEncryption" command line option. Check the MongoDB configuration file (default location: /etc/mongod.conf). If the following parameter is not present, this is a finding. security: enableEncryption: "true" If any mongod process is started with "--enableEncryption false", this is a finding.
Ensure that the MongoDB Configuration file (default location: /etc/mongod.conf) has the following set:
security:
enableEncryption: "true"
Ensure that any mongod process that contains the option "--enableEcryption" has "true" as its parameter
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer