STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Nutanix AOS 5.20.x Application Security Technical Implementation Guide

V-254114

CAT I (High)

Nutanix AOS must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.

Rule ID

SV-254114r961857_rule

STIG

Nutanix AOS 5.20.x Application Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002450CCI-002470

Discussion

Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The application server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions. Satisfies: SRG-APP-000514-AS-000137, SRG-APP-000427-AS-000264

Check Content

Confirm Nutanix AOS is configured with a trusted DoD root CA signed certificate.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to the SSL Certificate section.
4. Ensure the approved CA signed certificate is installed.

If the certificate used is not from an approved DoD-approved CA, this is a finding.

Fix Text

Configure Nutanix AOS to use a trusted DoD root CA signed certificate.

1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to the SSL Certificate section.
4. Click "Relace Certificate".
5. Select "Import Key and Certificate".
6. Select the Private Key Type and upload the Private key; Public Certificate, and the CA Certificate or chain.
7. Select "Import Files".