Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000364-GPOS-00151

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must not be configured to allow KerberosAuthentication.

    &lt;VulnDiscussion&gt;Failure to provide logical access restrictions associated with changes to system configuration may have significant effects o...
    Rule Medium Severity
  • SRG-OS-000366-GPOS-00153

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must prevent the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization.

    &lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This require...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00225

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must prevent the use of dictionary words for passwords.

    &lt;VulnDiscussion&gt;If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of pas...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00226

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    &lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain acc...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured to run SCMA daily.

    &lt;VulnDiscussion&gt;The Nutanix platform leverages the use of the Security Configuration Management Automation (SCMA) framework to ensure secure ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00228

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

    &lt;VulnDiscussion&gt;Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary acce...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00229

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must not allow an unattended or automatic logon to the system.

    &lt;VulnDiscussion&gt;Failure to restrict system access to authenticated users negatively impacts operating system security.&lt;/VulnDiscussion&gt;...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00230

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured so that all local interactive user home directories have mode "0750" or less permissive.

    &lt;VulnDiscussion&gt;Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.&...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00232

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must enable an application firewall, if available.

    &lt;VulnDiscussion&gt;Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls ...
    Rule Medium Severity
  • SRG-OS-000368-GPOS-00154

    <GroupDescription></GroupDescription>
    Group
  • Nutanix AOS must be configured with nodev, nosuid, and noexec options for /dev/shm.

    &lt;VulnDiscussion&gt;Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may pr...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules