Rule ID
SV-279448r1192364_rule
Version
V1R1
Discussion
Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive) within an application server. Alternative physical protection measures include protected distribution systems. To prevent unauthorized disclosure or modification of the information, application servers must protect data at rest by using cryptographic mechanisms. Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
Satisfies: SRG-APP-000428-AS-000265, SRG-APP-000429-AS-000157
Check Text
Confirm the Nutanix VM application server is configured to enable data-at-rest encryption.
1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to "Data-at-Rest Encryption".
4. Verify software encryption is enabled.
If encryption is not enabled, this is a finding.
Fix Text
Configure the Nutanix VM application server to enable data-at-rest encryption.
1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to "Data-at-Rest Encryption".
4. Select "Edit configuration".
5. Select either the cluster local KMS or an external KMS.
6. Click "Protect" and confirm by typing "ENCRYPT".