Nutanix AOS must use multifactor authentication (MFA) for access to privileged and nonprivileged accounts by enabling client authentication.

Overview

Finding ID: V-279439
Version: NXAC-AS-000034
Rule ID: SV-279439r1191103_rule
IA Controls: CCI-004047
Severity: medium

Description
Requiring that one of the factors used during MFA be a device separate from the system to which the user is attempting to gain access reduces the likelihood of compromising authenticators or credentials stored on the system. Adversaries may be able to compromise authenticators or credentials and subsequently impersonate authorized users. Implementing one of the factors on a separate device (e.g., a hardware token) provides a greater strength mechanism and an increased level of assurance in the authentication process.

Satisfies: SRG-APP-000825-AS-000180, SRG-APP-000820-AS-000170

STIG: Nutanix Acropolis Application Server Security Technical Implementation Guide
Date: 2026-02-24

Details

Check Text (C-279439r1191103_chk)

Confirm the Prism Element WebUI requires client authentication.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication.
4. Click the "Client" tab.
5. Verify client authentication is enabled.

If client authentication is not enabled, this is a finding.

Fix Text (F-83897r1191102_fix)

Configure the Prism Element WebUI to require client authentication.

1. Log in to Prism Element.
2. Click the gear in the upper-right corner and navigate to Authentication.
3. Click the "Client" tab.
4. Select the "Configure Client Chain Certificate" check box.
5. Click "Choose File", browse to and select a client chain certificate to upload, and then click "Open" to upload the certificate.
6. Click "Enable Client Authentication".