Rule ID
SV-279526r1191364_rule
Version
V1R1
CCIs
Mechanisms to detect and prevent unauthorized communication flow must be configured or provided as part of the VMM design. If information flow control is not enforced based on proper functioning of the VMM and its service, helper, and guest VMs, the VMM may become compromised. Information flow control regulates where information is allowed to travel between a VMM (and its guest VMs) and external systems. In some cases, the VMM may delegate interface device management to a service VM, but the VMM still maintains control of all information flows. The flow of all system information must be monitored and controlled so it does not introduce any unacceptable risk to the VMM, its guest VMs, or data.
Validate Nutanix CVM VM networking has been implemented and all of the virtual networks are defined and documented by the information system security officer (ISSO). 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Network Configuration". Validate that all of the organizational-defined guest VM networks are defined. If not, this is a finding.
Add the guest VM networks. All interactions between guest VMs and external systems via other interface devices are mediated by the VMM or its service VMs. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Network Configuration". 4. Add the guest VM networks as defined by the organization.