Nutanix AOS must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254101 | NUTX-AP-000070 | SV-254101r846391_rule | Medium |
| Description |
|---|
| Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Restricting nonprivileged users also prevents an attacker, who has gained access to a nonprivileged account, from elevating privileges, creating accounts, and performing system checks and maintenance. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x Application Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57586r846389_chk ) |
|---|
| Display a list of configured users and their roles on the Prism UI: 1. Log in to Prism Element. 2. Click on the gear icon in the upper right. 3. Navigate to "Local User Management". Validate that only authorized accounts have been assigned the "Cluster Admin" role by comparing the above list against the approved user list provided by the ISSM. If there are any users assigned the "Cluster Admin" role that have not been authorized by the ISSM, this is a finding. |
| Fix Text (F-57537r846390_fix) |
|---|
| Assign the privileged users identified by the ISSM to the Cluster Admin role. |