Product Compliance

Certifications

ISO 27001

ISO 27017

ISO 27018

SOC 2 Type 1

SOC 2 Type 2

SOC 3

FIPS

FedRAMP

Common Criteria

FedRAMP

Xi Government Cloud is FedRAMP Authorized

Xi Government Cloud currently holds an Agency Authorization at a moderate security impact level. Nutanix Xi Government Cloud provides US Government agencies and supporting customers a single point of management and analysis across all of their clouds. Nutanix Government Cloud provides a suite of PaaS and SaaS services to enable streamlined cloud management, application delivery, and governance. Nutanix Government Cloud provides solutions to enable customers to adhere to U.S. International Traffic in Arms Regulations (ITAR) regulations.

Nutanix Government Cloud consists of the following services: Xi Frame and Xi Beam. 

SOC Certifications

SOC 2 Type 1

Services: Xi Leap, Xi Frame, Xi Beam

SOC 2 Type 2

Services: Xi Frame, Xi Beam

SOC 3

Services: Xi Frame

SOC 3

Services: Xi Beam

ISO Certifications

ISO 27001

Services: Xi Leap,* Xi Beam, Xi Frame, Xi Epoch, Xi IoT

* Xi Leap Region EU Italy (Sparkle) is not included in this certification

ISO 27017

Services: Xi Leap,* Xi Beam, Xi Frame, Xi Epoch, Xi IoT

* Xi Leap Region EU Italy (Sparkle) is not included in this certification

ISO 27018

Services: Xi Leap,* Xi Beam, Xi Frame, Xi Epoch, Xi IoT

* Xi Leap Region EU Italy (Sparkle) is not included in this certification

ISO 28000

Products: Management of Nutanix supply chain including hardware cybersecurity in supporting NX products. This Security Management System excludes distribution and installation.

FIPS Certifications

The Cryptographic Module Validation Program (CMVP) is a joint effort between NIST in the United States and the Canadian Centre for Cyber Security (CCCS), a branch of the Communications Security Establishment (CSE). The CMVP validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules, and other FIPS cryptography-based standards.

Federal Agencies in the United States and Canada may acquire active FIPS 140-2 cryptographic modules listed in the CMVP database of validated modules for the protection of sensitive information.

Certificate #3541

Certificate #3473

Certificate #3472

Certificate #3460

Common Criteria

Common Criteria is an international security certification that is recognized by many countries around the world.  When a product achieves certification in one country, the product is recognized as CC certified in all 31 participating nations that participate in the Common Criteria Recognition Agreement (CCRA) and recognized across Europe through the SOG-IS agreement. The Common Criteria standard is also an ISO standard, ISO 15408.   Nutanix’s AOS and AHV products are included in the scope of the Common Criteria EAL2+ evaluation.

 

Nutanix is currently listed as officially “In-Evaluation”.  When the CC certification is complete it will be listed on the Common Criteria Portal.

Common Criteria

In-Evaluation Listing

If you have any questions regarding compliance, please reach out to us.