Blog

Nutanix 6.0 family of products Tested and Certified for Inclusion on Dept of Defense Information Network (DoDIN) Approved Products Lists

Nutanix products making security a priority with continuous certification and passing of rigorous DISA Cybersecurity and CVE Testing

By Matt Keller

May 30, 2022 | min

Nutanix is pleased to announce that updated Nutanix® AOS, AHV, and Files products have been added to the Department of Defense Information Network Approved Products List (DoDIN APL). Originally listed on the DoDIN APL in 2021, updated Nutanix product versions recently passed the rigorous DISA testing protocols in April 2022.

The DoDIN APL is a single consolidated list of products that have completed the Defense Information Systems Agency’s (DISA’s) Cybersecurity (CS) and Interoperability (IO) certification. Products are tested against multiple Security Technical Implementation Guides (STIGs) as well as subjected to vulnerability testing, CAC compliance, and IPv6 functionality requirements. Nutanix has successfully demonstrated the core security features of our products by passing this testing performed by the Joint Interoperability Test Command (JITC) Test Center. JITC testing focused on showing Nutanix’s STIG compliance and honed process for CVE patching, with the results enabling the latest Nutanix products to be listed on the DoDIN APL.

Induprakas Keri, Nutanix’s Chief Product Security Officer stated, “Nutanix takes a comprehensive, defense-in-depth approach to security that covers the entire infrastructure lifecycle, from how the product is built to how it's deployed and managed. Our DoDIN APL listing demonstrates our on-going compliance to the DoDIN criteria and the DISA STIGS in this set of products that were just released. This means that our customers can trust that Nutanix has a plan for a regular cadence of DoDIN testing to show our products will stay compliant, so our government customers can choose Nutanix with confidence.”

In order to follow procurement requirements defined by the DoD and other departments, agencies may need to purchase only products that appear on the DoDIN APL as these products have been tested and shown to address government security standards. A listing on the DoDIN APL is required for all hardware and software products that are implemented into the technology infrastructure of the U.S. DoD by mandate of DoDI 8100.04 and fulfills Risk Management Framework (RMF) CS/IA testing requirements.

Nutanix products are designed to protect against cyber attacks and data loss by starting with an out-of-the-box, intrinsically hardened, scalable OS (Acropolis® OS) and hypervisor (AHV®) that are compliant against those STIGs required by the DISA guidelines. Nutanix provides native Data-At-Rest Encryption with FIPS 140-2 validated modules. Nutanix follows a comprehensive Security Development Lifecycle which incorporates security into every step of the Nutanix software development process so that security is built-in, not bolted on.

"Cybersecurity is a top priority for every government organization", said Chip George, Nutanix’s Vice President of Public Sector. "Nutanix DoDIN APL certification reflects our on-going commitment to help Federal customers improve their cybersecurity posture, meet mandates, and securely advance their cloud-smart agenda.”

For more details on the latest DoDIN APL Listing and other security certifications completed by Nutanix, please visit: Nutanix’s Trust Site. Government civilian and/or uniformed military personnel may receive the Nutanix Cybersecurity Assessment Package (CAP) by requesting this information from the Approved Products Certification Office (APCO).

© 2022 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances..