Minimus updates the image's MongoDB package regularly to incorporate the latest official security releases and validates versions against supported vendor baselines. View the Minimus new version SLA for further information.

Authorization is explicitly enabled in the image configuration.

Localhost authorization bypass is explicitly disabled by default (setParameter.enableLocalhostAuthBypass: false).

Minimus verified the configuration to ensure the mongod/mongos process owner is a dedicated non-root, non-privileged account.

Switch to the FIPS 140-3 validated image to satisfy this benchmark.

Configured to disable quiet logging (systemLog.quiet: false).

Configured to append new entries to the end of log files as required (systemLog.logAppend: true).

This image is configured to use a non-default port (net.port is not configured to 27017).

The default configuration is set to disable server-side JS features with security.javascriptEnabled: false.