Nutanix AOS 5.20.x OS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Nutanix AOS must disconnect a session after 15 minutes of idle time for all connection types.
A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature ...
Rule, Medium Severity
Nutanix AOS must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information s...
Rule, High Severity
Nutanix AOS must be configured with an encrypted boot password for root.
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be...
Rule, Low Severity
Nutanix AOS must enforce discretionary access control on symlinks and hardlinks.
Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which...
Rule, Medium Severity
Nutanix AOS must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access.
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...
Rule, Low Severity
Any publicly accessible connection to Nutanix AOS must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with...
Rule, Medium Severity
Nutanix AOS must provide audit record generation capability for DoD-defined auditable events for directory and permissions management actions.
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit rec...
Rule, Medium Severity
Nutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful uses and variations of the creat privileged commands.
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
Rule, Medium Severity
Nutanix AOS must generate audit records for file extended attribute actions.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule, Medium Severity
Nutanix AOS must generate audit records when successful/unsuccessful logon attempts occur.
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
Rule, Medium Severity