Nutanix Brings Web-Scale Simplicity to IT Environments with Stringent Compliance Requirements

New Capabilities and Certifications Help IT Managers Meet Security Demands Across Industries

SAN JOSE, CALIF. – December 9, 2014Nutanix, the web-scale converged infrastructure company, today announced added security capabilities for its Virtual Computing Platform, including a number of additional certifications and security features, such as data-at-rest encryption. These capabilities augment the company’s Security Development Lifecycle (SecDL), which embeds security into every step of the software development process. Businesses that manage sensitive customer data and business information, such as government agencies and those in healthcare and financial services, can now benefit from the simplicity of Nutanix web-scale technology with confidence.

The new security capabilities are available with Nutanix Operating System (NOS) 4.1 software, and help IT security teams meet stringent standards like HIPAA, PCI DSS and SOX. Nutanix hardware platforms now meet a number of certification standards including FIPS 140-2, NSA Suite B support (to Top Secret), Common Criteria EAL2+, NIST-SP800-131A and others. Security features available in this release include:

  • Self-encrypting drives to secure data at rest, compliant with FIPS 140-2 Level 2 standards
  • Strong two-factor authentication, including the use of client certificates, to prevent unauthorized administrator log-ins
  • Nutanix Cluster Shield to limit administrator access in security-conscious environments by restricting shell logins

“Security is required across the entire datacenter architecture, including server and storage systems. Unfortunately, legacy infrastructure components often lack the necessary controls and fail to meet common certification requirements,” said Simon Mijolovic, Senior Security Solutions Architect at Nutanix. “Nutanix hyperconverged solutions integrate server and storage resources into a turnkey appliance, giving IT teams a single point of control to strongly protect data, secure administrator privileges and meet security certification requirements.”

The Nutanix security development lifecycle integrates security directly into the software development process, enabling automated testing and threat modeling to comprehensively assess and mitigate security risks before software is deemed production ready. Nutanix has also developed its own comprehensive Security Technical Implementation Guide (STIG) written in open XCCDF.xml format to support the Security Content Automation Protocol (SCAP) standard. This machine-readable code eliminates time-consuming testing by enterprise security teams and cuts the typical 9-12 month accreditation process for the DIACAP/DIARMF transition to just 30 minutes.

“Nutanix continues to provide innovative solutions to improve IT security across federal government organizations,” said Robert Sanchious, CEO/Chief of Engineering, SHR Consulting Group. “By publishing and testing to their own STIG incorporating DOD STIG guidelines, Nutanix has eliminated the need for time-consuming testing by customers and end-users, allowing us to bring innovative technology into government enterprises.”

All software-driven security capabilities are available across the entire Nutanix appliance portfolio. Data-at-rest encryption is available in Nutanix’s popular NX-3000 and NX-6000 platforms. For more information, check out the Nutanix blog or please

About Nutanix

Nutanix delivers web-scale converged infrastructure to medium and large enterprises with its software-driven Virtual Computing Platform, natively converging compute and storage into a single solution to drive unprecedented simplicity in the datacenter. Customers can start with a few servers and scale to thousands, with predictable performance and economics. With a patented elastic data fabric and consumer-grade management, Nutanix is the blueprint for application-optimized and policy-driven infrastructure. Learn more at or follow up on Twitter @nutanix.