Nutanix Products Tested and Selected for Inclusion on Dept of Defense Information Network (DoDIN) Approved Products Lists

Nutanix completed DISA's rigorous Cybersecurity and Interoperability Certification

By Matt Keller

September 1, 2021 | min

Nutanix is pleased to announce that Nutanix® AOS, AHV, and Files products have been certified for placement on the Department of Defense Information Network Approved Products List (DoDIN APL).

The DoDIN APL is a single consolidated list of products that have completed the Defense Information Systems Agency’s (DISA’s) rigorous Cybersecurity (CS) and Interoperability (IO) certification. Products are tested against multiple Security Technical Implementation Guides (STIGs) as well as subjected to vulnerability testing, CAC compliance, and IPv6 functionality requirements. Nutanix has successfully demonstrated the core security features of our products by passing this testing performed by the Joint Interoperability Test Command (JITC) Test Center.

In order to follow procurement requirements defined by the DoD and other departments, agencies may need to purchase only products that appear on the DoDIN APL as these products have been tested and shown to address government security standards. A listing on the DoDIN APL is required for all hardware and software products that are implemented into the technology infrastructure of the U.S. DoD by mandate of DoDI 8100.04 and fulfills Risk Management Framework (RMF) CS/IA testing requirements. The DoDIN APL was previously known as the UC APL (Unified Capabilities Approved Products List) and is sometimes referred to as having passed “JITC Testing” or “STIG Testing”.

Nutanix products are designed to protect against cyber attacks and data loss by starting with an out of the box, intrinsically hardened, scalable Cloud OS (Acropolis® OS) and hypervisor (AHV®) that are compliant against those STIGs required for testing under the DISA guidelines. A security baseline is maintained by self-healing deviations (or “drift”) with a system-wide Security Configuration Management Automation (SCMA) service. Nutanix provides native Data-At-Rest Encryption with FIPS 140-2 validated modules. Nutanix follows a comprehensive Security Development Lifecycle which incorporates security into every step of the Nutanix software development process so that security is built-in, not bolted on. The Nutanix Enterprise Cloud provides native platform hardening, security auditing and reporting, and protection from network threats.

Additionally, Nutanix products help to enable federal organizations to align to a Zero Trust Architecture (ZTA), a mandate that was included in the recent Executive Order to Improve the Nation’s Cybersecurity. ZTA adds more challenge response mechanisms and puts them closer to the resources being accessed to give greater protection to data.

The DoDIN APL certification along with four FIPS 140-2 certifications for cryptographic modules and the Common Criteria certification for AOS and AHV, demonstrates Nutanix’s commitment to providing the necessary security functionality to deploy these Nutanix products with confidence

Chip George, Vice President of Public Sector, Nutanix


For more details on the latest DoDIN APL Listing and other security certifications completed by Nutanix, please visit: Nutanix’s Trust Site. Government civilian and/or uniformed military personnel may receive the Nutanix Cybersecurity Assessment Package (CAP) by requesting this information from the Approved Products Certification Office (APCO).

© 2021 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.