V-279399

CAT II (Medium)

MongoDB must require users to be individually authenticated before granting access to the shared accounts or resources.

Rule ID

SV-279399r1179524_rule

STIG

MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-004045

Discussion

Individual authentication prior to shared group authentication mitigates the risk of using group accounts or authenticators.

Check Content

Check the MongoDB configuration file (default location /etc/mongod.conf) for a section named "security". 
 
If this section does not contain the subkey of "authorization" with a value of "enabled" as shown below, this is a finding.

security:
    authorization: enabled
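
The check above can be scripted. The following is an added example, not part of the STIG or of MongoDB's tooling: it reads block-style YAML only, the function names are hypothetical, and the sample configuration files are constructed.

```python
import re
import sys

KEY_RE = re.compile(r"authorization\s*:\s*[\"']?([A-Za-z]+)[\"']?")

def authorization_setting(conf_text):
    """Return the value of security.authorization, or None if it is not set."""
    in_security, child_indent = False, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # ignore comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                            # a new top-level section
            in_security = re.fullmatch(r"security\s*:", line) is not None
            child_indent = None
            continue
        if not in_security:
            continue
        if child_indent is None:
            child_indent = indent                  # indent of direct subkeys
        if indent != child_indent:
            continue                               # nested deeper than a subkey
        match = KEY_RE.fullmatch(line.strip())
        if match:
            return match.group(1)
    return None

def is_finding(conf_text):
    """V-279399: a finding unless security.authorization is exactly 'enabled'."""
    return authorization_setting(conf_text) != "enabled"

# Constructed sample files for illustration (not taken from a real system).
SAMPLES = {
    "compliant": "net:\n  port: 27017\nsecurity:\n    authorization: enabled\n",
    "commented": "net:\n  port: 27017\n#security:\n#    authorization: enabled\n",
    "disabled": "security:\n    authorization: disabled\n",
    "wrong_section": "net:\n    authorization: enabled\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                          # e.g. /etc/mongod.conf
        with open(sys.argv[1]) as fh:
            SAMPLES = {sys.argv[1]: fh.read()}
    for name, text in SAMPLES.items():
        print(name, "FINDING" if is_finding(text) else "not a finding")
```

A commented-out section or the key placed under a different section is reported as a finding, which a plain text search for "authorization: enabled" would miss.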

Fix Text

Enable authorization for MongoDB Enterprise.

Read the directions in the MongoDB documentation here: 
https://www.mongodb.com/docs/v8.0/tutorial/configure-scram-client-authentication/

Create the user administrator.

Edit the MongoDB database configuration file (default location /etc/mongod.conf) to contain the following setting in the security section:

security:
    authorization: enabled

Stop/start (restart) the mongod or mongos instance using this configuration.

Log on to MongoDB as an authorized user created by the user administrator and run the following command to verify the output is "true":

db.getSiblingDB("admin").runCommand({getCmdLineOpts: 1}).parsed.security.authorization

The output of this command must be "true".