Nutanix v6.5 products certified for inclusion on U.S. Dept. of Defense Information Network (DoDIN) Approved Products Lists

By Matt Keller, Senior Manager of Technical Programs, Compliance

February 8, 2023 | min

Nutanix products demonstrate continuous priority on security by consistently updating product versions to meet DISA cybersecurity and CVE testing

Nutanix is pleased to announce that its latest Long-Term Support (LTS) release of Nutanix’s Acropolis OS (AOS) HCI software, which includes Nutanix’s AHV® hypervisor,  has been added to the Department of Defense Information Network Approved Products List (DoDIN APL).

With the original Nutanix products listing of Acropolis v5.20 in July 2021, the updated listing to Acropolis v6.0.2.6 in April 2022, and now with the latest updated listing to Acropolis v6.5, Nutanix continues a certification cadence that demonstrates our commitment to maintaining a high level of security in our products over time.

The DoDIN APL is a single consolidated list of products that have completed the Defense Information Systems Agency (DISA) cybersecurity and interoperability certification. Products are tested against multiple Security Technical Implementation Guides (STIGs) as well as subjected to vulnerability testing, CAC compliance, and IPv6 functionality requirements. The Joint Interoperability Test Command (JITC) test center completed its review and certified the Nutanix products as continuing to demonstrate the required security functionality.

Eric Hammersley, Nutanix Sr. Director, Engineering & Chief Product Security Officer, stated, “Nutanix is proud to continue our defense-in-depth approach to security that covers the entire infrastructure lifecycle. Cybersecurity is a top priority for so many of our customers. Nutanix maintains FIPS 140 and  Common Criteria compliance, and the DoDIN APL certification, to provide our customers the assurances that they need to choose Nutanix with confidence.”

To follow procurement requirements defined by the DoD and other federal departments, agencies may need to purchase only products that appear on the DoDIN APL because they have been tested and shown to address government security standards. A listing on the DoDIN APL is required for all hardware and software products that are implemented into the technology infrastructure of the DoD by mandate of DoDI 8100.04 and fulfills Risk Management Framework (RMF) CS/IA testing requirements.

Nutanix products are designed to protect against cyberattacks and data loss by starting with an out-of-the-box, intrinsically hardened, scalable Acropolis operating system and AHV hypervisor that are compliant against those STIGs required by the DISA guidelines. Nutanix provides native data-at-rest encryption with FIPS 140-2 validated modules. Nutanix follows a comprehensive security development lifecycle that incorporates security into every step of the Nutanix software development process so that security is built-in, not bolted on.

“Nutanix being listed on the DoDIN Approved Product List reflects our continued commitment to cybersecurity,” said Chip George, Nutanix Vice President of Public Sector. "We remain committed to supporting our federal customers by providing solutions that improve their cybersecurity posture, meet mandates and securely advance their cloud-smart agenda.”

For more details on the latest DoDIN APL and other security certifications completed by Nutanix, please visit the Nutanix Trust Site. Government civilian and/or uniformed military personnel may receive the Nutanix Cybersecurity Assessment Package (CAP) by requesting this information from the Approved Products Certification Office (APCO).  

© 2022 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.