Nutanix OS must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-279622 | NXAC-OS-000191 | SV-279622r1192573_rule | CCI-004910 | medium |

Description: A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.

| STIG | Date |
|---|---|
| Nutanix Acropolis GPOS Security Technical Implementation Guide | 2026-02-24 |
Details
Check Text (C-279622r1192573_chk)
Verify that the Nutanix OS host has a hardware TPM module installed and that the TPM kernel module is loaded, using the following command:

```
$ sudo lsmod | grep -i tpm
tpm 77824 1 trusted
rng_core 16384 1 tpm
```

If no lines are returned, or if the "tpm" line does not list "trusted" in its "Used by" column, this is a finding.
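The same rule applied by a script, as an added example that is not part of the STIG: a POSIX shell function evaluates captured `lsmod` output against the check above. The function name and the sample `lsmod` lines are constructed here, not taken from a real host.

```shell
#!/bin/sh
# Added example: evaluate the NXAC-OS-000191 check against lsmod output.
# Returns 0 when the host passes, 1 when the result is a finding.
#
# lsmod columns: Module  Size  Used-by-count  Used-by-list (comma separated).
# The check wants a module literally named "tpm" whose Used-by list
# contains "trusted" (the trusted-keys kernel module, which holds the TPM).

# check_tpm_lsmod LSMOD_TEXT
check_tpm_lsmod() {
    lsmod_text=$1
    # Match only the exact module name "tpm", not tpm_tis, tpm_crb, etc.
    tpm_line=$(printf '%s\n' "$lsmod_text" | awk '$1 == "tpm"')
    if [ -z "$tpm_line" ]; then
        echo "FINDING: no tpm kernel module loaded"
        return 1
    fi
    # Split the Used-by list on commas and look for an exact "trusted" entry.
    if printf '%s\n' "$tpm_line" | awk '{ n = split($4, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == "trusted") found = 1 }
            END { exit !found }'; then
        echo "PASS: $tpm_line"
        return 0
    fi
    echo "FINDING: tpm loaded but not in use by trusted: $tpm_line"
    return 1
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_COMPLIANT='tpm 77824 1 trusted
rng_core 16384 1 tpm'
SAMPLE_COMMA_LIST='tpm 77824 2 tpm_tis_core,trusted
rng_core 16384 1 tpm'
SAMPLE_NO_TPM='rng_core 16384 0'
SAMPLE_UNTRUSTED='tpm 77824 0
rng_core 16384 1 tpm'

# Run the check against the live host only when asked to.
if [ "${1:-}" = "--live" ]; then
    check_tpm_lsmod "$(lsmod)"
fi
```

Invoke the script with `--live` on the host to check the real `lsmod` output; the constructed samples exercise the pass and finding paths.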
Fix Text (F-84080r1192572_fix)
Hardware TPM modules consist of a hardware chip that is built into the motherboard of the physical server. If no TPM module exists, then a new physical server is required.
For AHV, if the TPM module exists but is not "trusted", then something has been modified within AHV and the system must be rebuilt from source to correct this issue.