Nutanix AOS must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279444 | NXAC-AS-000043 | SV-279444r1192356_rule | CCI-004085 | medium |
| Description |
| Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards. |
| STIG | Date |
| Nutanix Acropolis Application Server Security Technical Implementation Guide | 2026-02-24 |
Details
Check Text (C-279444r1192356_chk)
Confirm the Nutanix VM application server Prism Element is configured to accept FICAM-approved third-party credentials.
1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Verify a SAML-based identity provider is configured.
If a SAML-based identity provider is not configured, this is a finding.
Fix Text (F-83902r1191117_fix)
Configure the Nutanix VM application server Prism Element to use FICAM authentication.
1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Select the "Configure SAML Authentication Account" check box, and then do the following in the indicated fields:
a. Select the authentication directory that contains the CAC users to authenticate. This list includes the directories that are configured on the Directory List tab.
b. Service Username: Enter the username in the username@domain.com format that you want the web console to use to log in to the Active Directory.
c. Service Password: Enter the password for the service username.
d. Click "Enable CAC".