Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000077-GPOS-00045

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must prohibit password reuse for a minimum of five generations.

    &lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...
    Rule Medium Severity
  • SRG-OS-000383-GPOS-00166

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must prohibit the use of cached authenticators.

    &lt;VulnDiscussion&gt;If cached authentication information is out-of-date, the validity of the authentication information may be questionable.&lt;/...
    Rule Medium Severity
  • SRG-OS-000120-GPOS-00061

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

    &lt;VulnDiscussion&gt;Unapproved mechanisms used for authentication to the cryptographic module are not verified and therefore, cannot be relied up...
    Rule High Severity
  • SRG-OS-000392-GPOS-00172

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must audit all activities performed during nonlocal maintenance and diagnostic sessions.

    &lt;VulnDiscussion&gt;If events associated with nonlocal administrative access or diagnostic sessions are not logged, a major tool for assessing an...
    Rule Medium Severity
  • SRG-OS-000478-GPOS-00223

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must enable FIPS mode to implement NIST FIPS-validated cryptography.

    &lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating ...
    Rule High Severity
  • SRG-OS-000134-GPOS-00068

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured to run SELinux Policies.

    &lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...
    Rule Medium Severity
  • SRG-OS-000138-GPOS-00069

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured to restrict public directories.

    &lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of infor...
    Rule Medium Severity
  • SRG-OS-000420-GPOS-00186

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring the operating system is implementing rate-limiting measures on impacted network interfaces.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule Medium Severity
  • SRG-OS-000142-GPOS-00071

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured to use syncookies to limit denial-of-service (DoS) attacks.

    &lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...
    Rule Medium Severity
  • SRG-OS-000423-GPOS-00187

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must protect the confidentiality and integrity of transmitted information.

    &lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules