STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Nutanix AOS 5.20.x OS Security Technical Implementation Guide

V-254204

CAT II (Medium)

Nutanix AOS must require users to reauthenticate for privilege escalation.

Rule ID

SV-254204r987879_rule

STIG

Nutanix AOS 5.20.x OS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002038

Discussion

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

Check Content

Confirm Nutanix AOS is configured as shown for reauthentication in the sudoers file.

$ grep -i nopasswd /etc/sudoers /etc/sudoers.d/*

If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the Information System Security Officer (ISSO) as an organizationally defined administrative group utilizing MFA, this is a finding.

Fix Text

If any occurrences of "NOPASSWD" found are not documented with the ISSO need to be removed. Configure Nutanix AOS to meet this requirement run the following command:

salt-call state.sls security/CVM/manualCVM