STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

V-279398

CAT II (Medium)

MongoDB must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization.

Rule ID

SV-279398r1179494_rule

STIG

MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-003992

Discussion

Software and firmware components prevented from installation unless signed with recognized and approved certificates include software and firmware version updates, patches, service packs, device drivers, and basic input/output system updates. Organizations can identify applicable software and firmware components by type, by specific items, or a combination of both. Digital signatures and organizational verification of such signatures is a method of code authentication.

Check Content

1. Identify that the MongoDB repository is installed and enabled by running the following command: 

$ yum repolist enabled | grep "mongodb-enterprise-8.0".
  
2. Review the contents of the repository file (/etc/yum.repos.d/mongodb-enterprise-8.0.repo) and compare them to the standard configuration below:

[mongodb-enterprise-8.0]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/redhat/9/mongodb-enterprise/8.0/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc

3. Examine the installed MongoDB components and their versions by running the following command: 

$ yum list installed mongodb-*
 
4. The output will resemble the following, but with potentially different versions:

Installed Packages

mongodb-database-tools.x86_64                                                     100.12.2-1                                      @mongodb-enterprise-8.0
mongodb-enterprise.x86_64                                                           8.0.12-1.el9                                      @mongodb-enterprise-8.0
mongodb-enterprise-cryptd.x86_64                                               8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-enterprise-database.x86_64                                          8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-enterprise-database-tools-extra.x86_64                       8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-enterprise-mongos.x86_64                                            8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-enterprise-server.x86_64                                               8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-enterprise-tools.x86_64                                                 8.0.12-1.el9                                       @mongodb-enterprise-8.0
mongodb-mongosh.x86_64                                                              2.5.6-1.el8                                       @mongodb-enterprise-8.0

5. Check for available updates for the installed MongoDB components by running the following command: 
$ sudo yum check-update --repo mongodb-enterprise-8.0

The output will list any components that need to be updated. 

If the MongoDB repository is not enabled, its contents do not match the standard configuration, or if any components are not installed or are not the most current version available, this is a finding.

Fix Text

Ensure the MongoDB repository is configured according to the official documentation.

Install any missing or outdated components by running the command: 

$ sudo yum update --repo mongodb-enterprise-8.0

Restart the MongoDB service: 

$ sudo systemctl restart mongod

The YUM method is the preferred method because it provides automatic dependency management, built-in rollback support, and simplified security updates. These features reduce the risk of misconfiguration and ensure a more stable and secure environment that is easier to maintain and keep compliant.

For additional details, refer to the MongoDB documentation: 
https://www.mongodb.com/docs/v8.0/tutorial/install-mongodb-enterprise-on-red-hat/