Rule ID
SV-279447r1192582_rule
Version
V1R1
CCIs
This control is intended to address the confidentiality and integrity of information at rest in nonmobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive) within an organizational information system. Application servers generate information throughout the course of their use, most notably, log data. If the data is not encrypted while at rest, the data used later for forensic investigation cannot be guaranteed to be unchanged and cannot be used for prosecution of an attacker. To accomplish a credible investigation and prosecution, the data integrity and information confidentiality must be guaranteed. Application servers must provide the capability to protect all data, especially log data, to ensure confidentiality and integrity.
Confirm the Nutanix VM application server is set to use data-at-rest encryption when stored offline. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Data-at-Rest Encryption". 4. Verify software encryption is enabled. If software encryption is not enabled, this is a finding.
Configure the Nutanix VM application server to use data-at-rest encryption when stored offline. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Data-at-Rest Encryption". 4. Select "Edit configuration". 5. Select either the cluster local KMS or an external KMS. 6. Click "Protect" and confirm by typing "ENCRYPT".