The DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-265943	MD7X-00-008000	SV-265943r1028615_rule		Medium

Description

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

STIG	Date
MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide	2024-09-27

Details

Check Text (C-69861r1028613_chk)

Review the network functions, ports, protocols, and services supported by the DBMS.

If any protocol is prohibited by the PPSM guidance and is enabled, this is a finding.

Fix Text (F-69765r1028614_fix)

Deploy a DBMS capable of disabling a network function, port, protocol, or service prohibited by the PPSM guidance.

Disable each prohibited network function, port, protocol, or service.

More information for MongoDB port management can be found at the following link:
https://www.mongodb.com/docs/manual/reference/default-mongodb-port/