Nutanix AOS 5.20.x Application Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000295-AS-000263

    Group
  • Nutanix AOS must automatically terminate a user session after 15 minutes of inactivity.

    An attacker can take advantage of user sessions that are left open, thus bypassing the user authentication process. To thwart the vulnerability of open and unused user sessions, the application se...
    Rule Medium Severity
  • Nutanix AOS must disable Remote Support Sessions.

    Application servers provide remote access capability and must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requiremen...
    Rule Medium Severity
  • Nutanix AOS role mapping must be configured to the lowest privilege level needed for user access.

    Strong access controls are critical to securing the application server. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement...
    Rule Medium Severity
  • Nutanix AOS must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

    Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Restricti...
    Rule Medium Severity
  • Nutanix AOS must offload log records onto a syslog server.

    Information system logging capability is critical for accurate forensic analysis. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to...
    Rule Medium Severity
  • Nutanix AOS must be configured to send Cluster Check alerts to the SA and ISSO.

    Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure...
    Rule Medium Severity
  • Nutanix AOS must protect log information from any type of unauthorized access.

    If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In ad...
    Rule Medium Severity
  • Nutanix AOS must perform RFC 5280-compliant certification path validation.

    A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make...
    Rule High Severity
  • Nutanix AOS must restrict error messages only to authorized users.

    If the application provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be caref...
    Rule Medium Severity