Following the recent German university disclosures on unsecured MongoDB intances, we have been pointing users/press at our Security Checklist:
The very last action on that page is to contact MongoDB for further guidance- however, this is only to access the DoD STIG only. Any non-US requests are being ignored by the US Fed team, so we need to change the advise in this section asap (we've already had a German customer chasing us for a copy of the STIG)
Request is to move the entire section under the heading "Contact MongoDB for Further Guidance" above the current "Consider Security Standards Compliance"
Then change that section from Contact MongoDB for Further Guidance to the following:
Request a STIG (if applicable)
The Security Technical Implementation Guide (STIG) contains security guidelines for deployments within the United States Department of Defense. MongoDB Inc. provides our STIG upon request for situations where it is required. Please request a copy (link to http://www.mongodb.com/lp/contact/stig-requests) for more information.