Nutanix AOS must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.

Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to nonfederal government agencies and other partners. This allows federal government-relying parties to trust such credentials at their approved assurance levels. Third-party credentials are those credentials issued by nonfederal government entities approved by the FICAM Trust Framework Solutions initiative.

If configured, Confirm the Nutanix VM application server Prism Element is configured to accept FICAM-approved third party credentials. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to Authentication settings. 4. Verify a SAML-based identity provider is configured. If a SAML-based identity provider is not configured, this is a finding.

Configure the Nutanix VM application server Prism Element to use FICAM authentication. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to Authentication settings. 4. Select "Configure SAML Authentication Account" check box, and then do the following in the indicated fields: a. Select the authentication directory that contains the CAC users to authenticate. This list includes the directories that are configured on the directory list tab. b. Service Username: Enter the username in the username@domain.com for the web console to use to log in to the Active Directory. c. Service Password: Enter the password for the service username. d. Click "Enable CAC".