
Nutanix AOS 5.20.x OS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000095-GPOS-00049

    Group
  • Nutanix AOS must not have the rsh-server package installed.

    It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • Nutanix AOS must not have the ypserv package installed.

    It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • Nutanix AOS must not have the telnet-server package installed.

    It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...
    Rule Medium Severity
  • SRG-OS-000096-GPOS-00050

    Group
  • Nutanix AOS must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

    To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embeddi...
    Rule Medium Severity
  • SRG-OS-000373-GPOS-00156

    Group
  • Nutanix AOS must require users to reauthenticate for privilege escalation.

    Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operati...
    Rule Medium Severity
  • SRG-OS-000112-GPOS-00057

    Group
  • Nutanix AOS must implement replay-resistant authentication mechanisms for network access to privileged accounts.

    A replay attack may enable an unauthorized user to gain access to the operating system. Authentication sessions between the a...
    Rule Medium Severity
  • SRG-OS-000114-GPOS-00059

    Group
  • Nutanix AOS must be configured to disable USB mass storage devices.

    Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Per...
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    Group
  • Nutanix AOS must be configured to disable user accounts after the password expires.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Low Severity
  • SRG-OS-000069-GPOS-00037

    Group
  • Nutanix AOS must enforce password complexity by requiring that at least one uppercase character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...
    Rule Medium Severity
  • SRG-OS-000070-GPOS-00038

    Group
  • Nutanix AOS must enforce password complexity by requiring that at least one lowercase character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...
    Rule Medium Severity
