Nutanix AOS must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254114 | NUTX-AP-000430 | SV-254114r846430_rule | High |
| Description |
|---|
| Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The application server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions. Satisfies: SRG-APP-000514-AS-000137, SRG-APP-000427-AS-000264 |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x Application Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57599r846428_chk ) |
|---|
| Confirm Nutanix AOS is configured with a trusted DoD root CA signed certificate. 1. Log in to Prism Element. 2. Click on the gear icon in the upper right. 3. Navigate to the SSL Certificate section. 4. Ensure the approved CA signed certificate is installed. If the certificate used is not from an approved DoD-approved CA, this is a finding. |
| Fix Text (F-57550r846429_fix) |
|---|
| Configure Nutanix AOS to use a trusted DoD root CA signed certificate. 1. Log in to Prism Element. 2. Click on the gear icon in the upper right. 3. Navigate to the SSL Certificate section. 4. Click "Relace Certificate". 5. Select "Import Key and Certificate". 6. Select the Private Key Type and upload the Private key; Public Certificate, and the CA Certificate or chain. 7. Select "Import Files". |