AnnouncementIntroducing MongoDB 8.0, the fastest MongoDB ever! Read more >>Introducing MongoDB 8.0, the fastest MongoDB ever! >>

Changes to Technical and Organizational Security Measures

Last Updated: August 31, 2022.

We have updated our Technical and Organizational Security Measures to clarify certain existing MongoDB security controls and to describe new or enhanced controls that secure customer data in MongoDB Atlas. Key updates include:

  • New security and data management certifications (see Section 2.1, General).

  • Advanced tools for securing Atlas UI user credentials, including the use of a security key, biometrics option, or built-in authenticators (see Section 4.1.1, MongoDB Atlas UI Authentication and Authorization).

  • Greater flexibility in configuring user roles and privileges for MongoDB Atlas clusters (see Section 4.1.2, MongoDB Atlas Cluster Authentication and Authorization).

  • Improved control over how long you give MongoDB Privileged Users temporary access to your Atlas cluster environment for troubleshooting purposes (see Section 4.2.2, Restricting MongoDB Personnel Access).

  • The ability to predefine automatic deletion dates for different data sections within MongoDB Atlas Online Archive (see Section 4.5, Secure Deletion of Customer Data).

Last Updated: August 4, 2021.

We have updated our Technical and Organizational Security Measures to clarify certain existing MongoDB security controls and to describe new or enhanced controls that secure customer data in MongoDB Atlas.

Last Updated: January 31, 2020.

We updated the Technical and Organizational Security Measures to provide you with additional detail on our information security program and the security features, processes, and controls applicable to the Cloud Services. We’ve provided greater transparency with respect to our personnel controls, how we train employees on privacy and security, the encryption measures in our products, network connectivity options, authentication options, backup configurations, the controls around our access to customer data, our software development lifecycle, monitoring and alerting, vulnerability management, and our security incident response policy. We also added commitments with respect to employee access to our internal systems, physical controls at our offices, our encryption key management procedures, business continuity and disaster recovery, incident tracking, and the certifications and audit reports we can provide to you.