Nutanix AOS must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.

Overview

Finding ID: V-279443
Version: NXAC-AS-000042
Rule ID: SV-279443r1192354_rule
IA Controls: CCI-004083
Severity: medium

Description
Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to nonfederal government agencies and other partners. This allows federal government-relying parties to trust such credentials at their approved assurance levels. Third-party credentials are those credentials issued by nonfederal government entities approved by the FICAM Trust Framework Solutions initiative.

STIG: Nutanix Acropolis Application Server Security Technical Implementation Guide
Date: 2026-02-24

Details

Check Text (C-279443r1192354_chk)

If configured, confirm the Nutanix VM application server Prism Element is configured to accept FICAM-approved third-party credentials.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Verify a SAML-based identity provider is configured.

If a SAML-based identity provider is not configured, this is a finding.

Fix Text (F-83901r1191114_fix)

Configure the Nutanix VM application server Prism Element to use FICAM authentication.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Select the "Configure SAML Authentication Account" check box, and then do the following in the indicated fields:
   a. Select the authentication directory that contains the CAC users to authenticate. This list includes the directories that are configured on the directory list tab.
   b. Service Username: Enter the username in the username@domain.com format for the web console to use to log in to the Active Directory.
   c. Service Password: Enter the password for the service username.
   d. Click "Enable CAC".