Compliance and Certifications

ISO

ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies. Nutanix is committed to establishing and maintaining robust security management systems in accordance with the following ISO Standards:

 

ISO/IEC 27001:2013 - Protection of sensitive information spanning its Information Security Management System (ISMS)
ISO/IEC 27017:2015 - Securing provisioning and use of cloud services within the ISMS
ISO/IEC 27018:2014 - Protection of Personally Identifiable Information (PII) for the public cloud computing environment within the ISMS
ISO/IEC TS 27008:2019 - Establishing controls critical to security assurance of the supply chain.

* Xi Leap Region EU Italy (Sparkle) is not included in this certification

SOC

SOC is a commonly understood set of criteria developed by the American Institute of Certified Public Accountants (AICPA) for providing standard reporting on security controls at a service organization. Nutanix maintains SOC2 and SOC3 certifications which provide independent attestation of the security controls in place to protect sensitive data within our product environments.

FIPS Certifications

The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST in the United States and the Canadian Centre for Cyber Security (CCCS), a branch of the Communications Security Establishment (CSE). The CMVP validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards.

Federal Agencies in the United States and Canada may acquire active FIPS 140-2 cryptographic modules listed in the CMVP database of validated modules for the protection of sensitive information.

Common Criteria

Common Criteria is an international security certification that is recognized by many countries around the world. When a product achieves certification in one country, the product is recognized as CC certified in all 31 nations that participate in the Common Criteria Recognition Agreement (CCRA) and recognized across Europe through the SOG-IS agreement. The Common Criteria standard is also an ISO standard, ISO 15408. Nutanix's AOS and AHV products are included in the scope of the Common Criteria EAL2+ evaluation.

Nutanix is currently listed as officially "In-Evaluation". When the CC certification is complete, it will be listed on the Common Criteria Portal.

Xi Government Cloud is FedRAMP Authorized

Xi Government Cloud currently holds an Agency Authorization at a moderate security impact level. Nutanix Xi Government Cloud provides US Government agencies and supporting customers a single point of management and analysis across all of their clouds. Nutanix Government Cloud provides a suite of PaaS and SaaS services to enable streamlined cloud management, application delivery, and governance. Nutanix Government Cloud provides solutions to enable customers to adhere to the U.S. International Traffic in Arms Regulations (ITAR).

Nutanix Government Cloud consists of the following services: Xi Frame and Xi Beam.

If you have any questions regarding compliance, please reach out to us.