
V-279598

CAT II (Medium)

Nutanix OS must require users to reauthenticate for privilege escalation.

Rule ID

SV-279598r1192561_rule

STIG

Nutanix Acropolis GPOS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002038

Discussion

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical that the user reauthenticate.

Check Content

For AHV, this requirement is Not Applicable.

Confirm Nutanix OS is configured as shown for reauthentication in the sudoers file:

$ grep -i nopasswd /etc/sudoers /etc/sudoers.d/*

If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the information system security officer (ISSO) as an organizationally defined administrative group using multifactor authentication (MFA), this is a finding.
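
The check above, expanded into a triage helper as an added example (not part of the STIG or of Nutanix tooling): it labels each line the grep returns as commented out, documented, or a finding, and treats a leading "#1000"-style token as a sudoers UID entry rather than a comment. The exceptions file (one ISSO-documented sudoers user or %group per line), the function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not DISA or Nutanix code. The exceptions file format (one
# documented sudoers user or %group per line) is an assumption of this sketch.

# classify_nopasswd EXCEPTIONS FILE...
# Prints "STATUS file:line: text" for every case-insensitive NOPASSWD hit;
# STATUS is COMMENTED, DOCUMENTED or FINDING.
classify_nopasswd() {
    exceptions=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -in 'nopasswd' "$f" | while IFS=: read -r num text; do
            # First whitespace-delimited field: user, %group, #uid or a comment.
            who=$(printf '%s\n' "$text" | awk '{print $1}')
            case $who in
                \#[0-9]*) ;;   # "#1000" names a UID in sudoers; still active
                \#*) echo "COMMENTED $f:$num: $text"; continue ;;
            esac
            if grep -qxF -- "$who" "$exceptions" 2>/dev/null; then
                echo "DOCUMENTED $f:$num: $text"
            else
                echo "FINDING $f:$num: $text"
            fi
        done
    done
}

# count_findings EXCEPTIONS FILE... : number of active, undocumented entries.
count_findings() {
    classify_nopasswd "$@" | grep -c '^FINDING ' || true
}

# make_sample DIR : write constructed sudoers fragments and an exceptions list.
make_sample() {
    mkdir -p "$1/sudoers.d"
    printf '%s\n' 'root ALL=(ALL) ALL' '# %wheel ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers"
    printf '%s\n' '%mfa-admins ALL=(ALL) NOPASSWD: ALL' \
        'backup ALL=(root) NOPASSWD: /usr/bin/rsync' \
        '#1000 ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers.d/local"
    printf '%s\n' '%mfa-admins' > "$1/exceptions"
}

# Demo on the constructed sample; on a real system pass /etc/sudoers and
# /etc/sudoers.d/* instead.
d=$(mktemp -d)
make_sample "$d"
classify_nopasswd "$d/exceptions" "$d/sudoers" "$d"/sudoers.d/*
rm -rf "$d"
```

COMMENTED lines are still output of the STIG's grep, so they are listed for the reviewer rather than dropped.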

Fix Text

Remove occurrences of "NOPASSWD". 

1. For AOS, use the following command.

salt-call state.sls security/CVM/manualCVM

2. For Prism Central, use the following command.

salt-call state.sls security/PCVM/manualPCVM

3. For Files, use the following command.

salt-call state.sls security/AFS/manualAFS

4. The AHV hypervisor does not support local interactive user accounts. AHV has been designed and configured to run essentially headless. The only accounts allowed on AHV are the preconfigured system accounts.