{ "component-definition": { "uuid": "a7ba800c-a432-44cd-9075-0862cd66da6b", "metadata": { "title": "MongoDB Component Definition Example", "last-modified": "2024-02-01T13:57:28.355446-04:00", "version": "20231012", "oscal-version": "1.1.2", "roles": [ { "id": "provider", "title": "Provider" } ], "parties": [ { "uuid": "ef7c799a-c50e-49ab-83e0-515e989e6df1", "type": "organization", "name": "MongoDB", "links": [ { "href": "https://www.mongodb.com", "rel": "website" } ] } ] }, "components": [ { "uuid": "91f646c5-b1b6-4786-9ec3-2305a044e217", "type": "service", "title": "MongoDB", "description": "MongoDB is a source-available, cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.", "purpose": "Provides a NoSQL database service", "responsible-roles": [ { "role-id": "provider", "party-uuids": [ "ef7c799a-c50e-49ab-83e0-515e989e6df1" ] }, { "role-id": "customer" } ], "protocols": [ { "uuid": "2b4a1b3a-cbc5-4cc8-bde6-7437c28c4e54", "name": "mongodb", "title": "Primary daemon process for the MongoDB system.", "port-ranges": [ { "start": 27017, "end": 27017, "transport": "TCP" } ] }, { "uuid": "99d8d4e5-e734-4e05-a2f9-7353097b8b61", "name": "mongodb-shardsrv", "title": "MongoDB protocol for sharding with shardsrv option.", "port-ranges": [ { "start": 27018, "end": 27018, "transport": "TCP" } ] }, { "uuid": "6fa762f1-09ca-44d5-a94c-cfceb57debd5", "name": "mongodb-configsvr", "title": "MongoDB protocol for configsrv operation.", "port-ranges": [ { "start": 27019, "end": 27019, "transport": "TCP" } ] } ], "control-implementations": [ { "uuid": "49f0b690-ed9f-4f32-aae0-625b77aa6d27", "source": "#ba047e56-faef-430c-bafb-c54e9a87c6e8", "description": "MongoDB control implementations for NIST SP 800-53 revision 5.", "implemented-requirements": [ { "uuid": "cf8338c5-fb6e-4593-a4a8-b3c4946ee080", "control-id": "sc-8", "description": "MongoDB's implementation of SC-8 control. The details of the implementation are provided at the statement level.", "set-parameters": [ { "param-id": "sc-8_prm_1", "values": [ "confidentiality" ] } ], "statements": [ { "statement-id": "sc-8_smt", "uuid": "bb9219b1-e51c-4680-abb0-616a43bbfbb1", "description": "MongoDB implements TLS 1.x to protect the {{ insert: param, sc-8_prm_1 }} of transmitted data by encrypting data in transit, preventing unauthorized disclosure or changes to information during transmission." } ] }, { "uuid": "cf8338c5-fb6e-4593-a4a8-b3c4946ee081", "control-id": "sc-8.1", "description": "MongoDB implements cryptographic mechanisms (TLS 1.x) to provide cryptographic protection for data in transit.", "set-parameters": [ { "param-id": "sc-8.1_prm_1", "values": [ "prevent unauthorized disclosure of information" ] } ], "statements": [ { "statement-id": "sc-8.1_smt", "uuid": "bb9219b1-e51c-4680-abb0-616a43bbfbb1", "description": "To implement cryptographic mechanisms (aka enable TLS 1.x) to {{ insert: param, sc-8.1_prm_1 }}, customers need to set the `PEMKeyFile` option in the configuration file `/etc/mongod.conf` to the certificate file's path and restart the component.", "responsible-roles": [ { "role-id": "customer" } ] } ] }, { "uuid": "5227daf8-7a4b-4fe0-aea9-3547b7de2603", "control-id": "sa-4.9", "description": "Must ensure that MongoDB only listens for network connections on authorized interfaces by configuring the MongoDB configuration file to limit the services exposure to only the network interfaces on which MongoDB instances should listen for incoming connections." } ] } ] } ], "back-matter": { "resources": [ { "uuid": "ba047e56-faef-430c-bafb-c54e9a87c6e8", "description": "NIST Special Publication 800-53 Revision 5: Moderate Baseline Profile", "rlinks": [ { "href": "../../../nist.gov/SP800-53/rev5/xml/NIST_SP-800-53_rev5_MODERATE-baseline_profile.xml", "media-type": "application/oscal.catalog+xml" }, { "href": "../../../nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_MODERATE-baseline_profile.json", "media-type": "application/oscal.catalog+json" }, { "href": "../../../nist.gov/SP800-53/rev5/yaml/NIST_SP-800-53_rev5_MODERATE-baseline_profile.yaml", "media-type": "application/oscal.catalog+yaml" } ] } ] } } }