Nutanix AOS must be configured to run SCMA daily.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254194 | NUTX-OS-001070 | SV-254194r846670_rule | Medium |
| Description |
|---|
| The Nutanix platform leverages the use of the Security Configuration Management Automation (SCMA) framework to ensure secure configurations have not been altered from their desired state. If the SCMA framework is not run on a daily basis, changes to the secure baseline could be made, compromising multiple security functions and features on the operating system. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57679r846668_chk ) |
|---|
| Verify that the SCMA framework is set to run daily: $ ncli cluster get-cvm-security-config | egrep 'Schedule' Schedule : DAILY If "Schedule" is not set to "DAILY", this is a finding. |
| Fix Text (F-57630r846669_fix) |
|---|
| Set the SCMA framework to check the baseline daily: $ sudo ncli cluster edit-cvm-security-params schedule=daily |