The Nutanix AOS 5.20 Security Technical Implementation Guide (STIG)

Published by DISA: Automate Security Hardening for Federal Agencies with Nutanix Security Configuration Management and Automation (SCMA) and the DISA Nutanix AOS STIG.

By Sherry Walshak, Director – Public Sector Solutions Marketing

May 8, 2023

Nutanix is helping federal system administrators meet stringent security standards defined by the Defense Information Systems Agency (DISA) with the publication of a new Security Technical Implementation Guide (STIG) for the AOS™ software. AOS is the foundation of the Nutanix Cloud Platform™, which intelligently runs and manages applications and data at scale: as a service, on-premises, at the edge, and in hybrid multiclouds.

The STIG significantly reduces the manual configuration effort required for system hardening, a critical layer of the security-in-depth policies designed to enhance cyber resilience and protect vital systems from possible penetration or compromise by adversarial actors.

What is a STIG?

A STIG is a set of guidelines developed by DISA to provide security measures that improve the security of Department of Defense (DOD) computer systems. STIGs are also used by many other organizations to secure their IT systems.

Why did Nutanix create its own STIG?

Nutanix, in partnership with DISA, created the Nutanix AOS STIG to simplify and streamline the accreditation of Nutanix software products so they can be deployed and run on Federal government and DOD networks. The STIG aligns to NIST 800-53 controls to ensure that the product meets the strict security hardening requirements.

The Nutanix AOS STIG enables system administrators to harden Nutanix systems to protect vital infrastructure from possible penetration or compromise from adversarial actors attempting to gain access inappropriately.

System hardened by default and maintained with automation

With the Nutanix AOS STIG, automated hardening reduces the number of manual configuration settings for DOD security from hundreds of steps to just a few. Automated hardening ensures compliance with DISA requirements, reduces possible errors from manual settings, and speeds system hardening against infrastructure compromise to improve the security posture of Nutanix customers.

In addition, security configuration management automation (SCMA) ensures continued compliance in conjunction with the Nutanix Prism® security dashboard, which provides an at-a-glance view of each customer’s STIG status, security posture, audit, and reporting. Administrators can then take immediate action to resolve misconfigurations and anomalies in their Nutanix Cloud Platform. Customers can obtain the STIG from the DOD Cyber Exchange website or the Cyber Exchange public site.
