Nutanix AOS 5.20.x OS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000075-GPOS-00043
<GroupDescription></GroupDescription>Group -
Nutanix AOS must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-OS-000383-GPOS-00166
<GroupDescription></GroupDescription>Group -
Nutanix AOS must prohibit the use of cached authenticators.
<VulnDiscussion>If cached authentication information is out-of-date, the validity of the authentication information may be questionable.</...Rule Medium Severity -
SRG-OS-000120-GPOS-00061
<GroupDescription></GroupDescription>Group -
Nutanix AOS pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
<VulnDiscussion>Unapproved mechanisms used for authentication to the cryptographic module are not verified and therefore, cannot be relied up...Rule High Severity -
SRG-OS-000392-GPOS-00172
<GroupDescription></GroupDescription>Group -
Nutanix AOS must audit all activities performed during nonlocal maintenance and diagnostic sessions.
<VulnDiscussion>If events associated with nonlocal administrative access or diagnostic sessions are not logged, a major tool for assessing an...Rule Medium Severity -
SRG-OS-000478-GPOS-00223
<GroupDescription></GroupDescription>Group -
Nutanix AOS must enable FIPS mode to implement NIST FIPS-validated cryptography.
<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating ...Rule High Severity -
SRG-OS-000134-GPOS-00068
<GroupDescription></GroupDescription>Group -
Nutanix AOS must implement nonexecutable data to protect its memory from unauthorized code execution.
<VulnDiscussion>Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations t...Rule Medium Severity -
Nutanix AOS must be configured to run SELinux Policies.
<VulnDiscussion>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...Rule Medium Severity -
SRG-OS-000138-GPOS-00069
<GroupDescription></GroupDescription>Group -
Nutanix AOS must be configured to restrict public directories.
<VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...Rule Medium Severity -
SRG-OS-000420-GPOS-00186
<GroupDescription></GroupDescription>Group -
Nutanix AOS must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces.
<VulnDiscussion>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...Rule Medium Severity -
SRG-OS-000142-GPOS-00071
<GroupDescription></GroupDescription>Group -
Nutanix AOS must be configured to use syncookies to limit denial-of-service (DoS) attacks.
<VulnDiscussion>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
Nutanix AOS must reveal error messages only to authorized users.
<VulnDiscussion>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...Rule Medium Severity -
SRG-OS-000433-GPOS-00192
<GroupDescription></GroupDescription>Group -
Nutanix AOS must protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule Medium Severity -
SRG-OS-000425-GPOS-00189
<GroupDescription></GroupDescription>Group -
Nutanix AOS must maintain the confidentiality and integrity of information during preparation for transmission.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for examp...Rule Medium Severity -
SRG-OS-000426-GPOS-00190
<GroupDescription></GroupDescription>Group -
Nutanix AOS must maintain the confidentiality and integrity of information during reception.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, duri...Rule Medium Severity -
SRG-OS-000205-GPOS-00083
<GroupDescription></GroupDescription>Group -
Nutanix AOS must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
<VulnDiscussion> Any operating system providing too much information in error messages risks compromising the data and security of the struct...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
<GroupDescription></GroupDescription>Group -
SRG-OS-000433-GPOS-00193
<GroupDescription></GroupDescription>Group -
Nutanix AOS must implement address space layout randomization to protect its memory from unauthorized code execution.
<VulnDiscussion>Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations t...Rule Medium Severity -
SRG-OS-000437-GPOS-00194
<GroupDescription></GroupDescription>Group -
Nutanix AOS must remove all software components after updated versions have been installed.
<VulnDiscussion>Previous versions of software components that are not removed from the information system after updates have been installed m...Rule Medium Severity -
SRG-OS-000445-GPOS-00199
<GroupDescription></GroupDescription>Group -
Nutanix AOS must be configured to use SELinux Enforcing mode.
<VulnDiscussion>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.