The DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-265943 | MD7X-00-008000 | SV-265943r1028615_rule | CCI-001762 | medium |
| Description | ||||
| Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. | ||||
| STIG | Date | |||
| MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide | 2024-09-27 | |||
Details
Check Text (C-265943r1028615_chk)
Review the network functions, ports, protocols, and services supported by the DBMS.
If any protocol is prohibited by the PPSM guidance and is enabled, this is a finding.
Fix Text (F-69765r1028614_fix)
Deploy a DBMS capable of disabling a network function, port, protocol, or service prohibited by the PPSM guidance.
Disable each prohibited network function, port, protocol, or service.
More information for MongoDB port management can be found at the following link:
https://www.mongodb.com/docs/manual/reference/default-mongodb-port/