Nutanix AOS must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-254101	NUTX-AP-000070	SV-254101r846391_rule		Medium

Description
Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. Restricting nonprivileged users also prevents an attacker, who has gained access to a nonprivileged account, from elevating privileges, creating accounts, and performing system checks and maintenance.

STIG	Date
Nutanix AOS 5.20.x Application Security Technical Implementation Guide	2022-08-24

Details

Check Text ( C-57586r846389_chk )
Display a list of configured users and their roles on the Prism UI: 1. Log in to Prism Element. 2. Click on the gear icon in the upper right. 3. Navigate to "Local User Management". Validate that only authorized accounts have been assigned the "Cluster Admin" role by comparing the above list against the approved user list provided by the ISSM. If there are any users assigned the "Cluster Admin" role that have not been authorized by the ISSM, this is a finding.

Check Text ( C-57586r846389_chk )

Display a list of configured users and their roles on the Prism UI:

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to "Local User Management".

Validate that only authorized accounts have been assigned the "Cluster Admin" role by comparing the above list against the approved user list provided by the ISSM.

If there are any users assigned the "Cluster Admin" role that have not been authorized by the ISSM, this is a finding.

Fix Text (F-57537r846390_fix)
Assign the privileged users identified by the ISSM to the Cluster Admin role.