UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Nutanix AOS must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254114 NUTX-AP-000430 SV-254114r846430_rule High
Description
Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The application server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions. Satisfies: SRG-APP-000514-AS-000137, SRG-APP-000427-AS-000264
STIG Date
Nutanix AOS 5.20.x Application Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-57599r846428_chk )
Confirm Nutanix AOS is configured with a trusted DoD root CA signed certificate.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to the SSL Certificate section.
4. Ensure the approved CA signed certificate is installed.

If the certificate used is not from an approved DoD-approved CA, this is a finding.
Fix Text (F-57550r846429_fix)
Configure Nutanix AOS to use a trusted DoD root CA signed certificate.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to the SSL Certificate section.
4. Click "Relace Certificate".
5. Select "Import Key and Certificate".
6. Select the Private Key Type and upload the Private key; Public Certificate, and the CA Certificate or chain.
7. Select "Import Files".