The new security capabilities are available with Nutanix Operating System (NOS) 4.1 software, and help IT security teams meet stringent standards like HIPAA, PCI DSS and SOX. Nutanix hardware platforms now meet a number of certification standards including FIPS 140-2, NSA Suite B support (to Top Secret), Common Criteria EAL2+, NIST-SP800-131A and others. Security features available in this release include:
• Self-encrypting drives to secure data at rest, compliant with FIPS 140-2 Level 2 standards
• Strong two-factor authentication, including the use of client certificates, to prevent unauthorised administrator log-ins
• Nutanix Cluster Shield to limit administrator access in security-conscious environments by restricting shell logins
“Security is required across the entire datacentre architecture, including server and storage systems. Unfortunately, legacy infrastructure components often lack the necessary controls and fail to meet common certification requirements,” said Simon Mijolovic, Senior Security Solutions Architect at Nutanix. “Nutanix hyper-converged solutions integrate server and storage resources into a turnkey appliance, giving IT teams a single point of control to strongly protect data, secure administrator privileges and meet security certification requirements.”
The Nutanix security development lifecycle integrates security directly into the software development process, enabling automated testing and threat modeling to comprehensively assess and mitigate security risks before software is deemed production ready. Nutanix has also developed its own comprehensive Security Technical Implementation Guide (STIG) written in open XCCDF.xml format to support the Security Content Automation Protocol (SCAP) standard. This machine-readable code eliminates time-consuming testing by enterprise security teams and cuts the typical 9-12 month accreditation process for the DIACAP/DIARMF transition to just 30 minutes.
"Nutanix continues to provide innovative solutions to improve IT security across federal government organisations,” said Robert Sanchious, CEO/Chief of Engineering, SHR Consulting Group. “By publishing and testing to their own STIG incorporating DOD STIG guidelines, Nutanix has eliminated the need for time-consuming testing by customers and end-users, allowing us to bring innovative technology into government enterprises.”