Nutanix AOS must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.

Severity: medium
Group ID: V-279444
Group Title: SRG-APP-000405-AS-000250
Version: NXAC-AS-000043
Rule ID: SV-279444r1192356_rule
Date: 2026-02-24
STIG Version: 1

Description

Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards.

ℹ️ Check

Confirm the Nutanix VM application server Prism Element is configured to accept FICAM-approved third-party credentials.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Verify that a SAML-based identity provider is configured.

If a SAML-based identity provider is not configured, this is a finding.

✔️ Fix

Configure the Nutanix VM application server Prism Element to use FICAM authentication.

1. Log in to Prism Element.
2. Click the gear icon in the upper-right corner.
3. Navigate to Authentication settings.
4. Select the "Configure SAML Authentication Account" check box, and then complete the indicated fields as follows:
   a. Select the authentication directory that contains the CAC users to authenticate. This list includes the directories configured on the Directory List tab.
   b. Service Username: Enter, in the username@domain.com format, the username that the web console will use to log in to Active Directory.
   c. Service Password: Enter the password for the service username.
   d. Click "Enable CAC".