STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide

V-221158

CAT I (High)

MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

Rule ID

SV-221158r960768_rule

STIG

MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000015

Discussion

MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

Check Content

Verify that the MongoDB configuration file (default location: /etc/mongod.conf) contains the following:

security:
authorization: "enabled"

If this parameter is not present, this is a finding.

Fix Text

Edit the MongoDB configuration file (default location: /etc/mongod.con) to include the following:

security:
authorization: "enabled"

This will enable SCRAM-SHA-1 authentication (default).

Instruction on configuring the default authentication is provided here:

https://docs.mongodb.com/v3.4/tutorial/enable-authentication/

The high-level steps described by the above will require the following:

1. Start MongoDB without access control.
2. Connect to the instance.
3. Create the user administrator.
4. Restart the MongoDB instance with access control.
5. Connect and authenticate as the user administrator.
6. Create additional users as needed for your deployment.