Nutanix OS must provide protected storage for cryptographic keys with organization-defined safeguards and/or hardware protected key store.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279622 | SRG-OS-000780-GPOS-00240 | NXAC-OS-000191 | SV-279622r1192573_rule | 2026-02-24 | 1 |
Description
A Trusted Platform Module (TPM) is an example of a hardware-protected data store that can be used to protect cryptographic keys.
Check
Verify that the Nutanix OS hardware includes a TPM module that is installed and loaded, using the following command:
```
$ sudo lsmod | grep -i tpm
tpm 77824 1 trusted
rng_core 16384 1 tpm
```
If no lines are returned or if the TPM does not indicate "trusted", this is a finding.
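The check above as a scriptable compliance test, added here as an example and not part of the STIG text. It matches only the core `tpm` module (not `tpm_tis` or `tpm_crb`) and requires `trusted` in its Used-by list; the lsmod samples are constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate the NXAC-OS-000191 check against
# lsmod output. Return status 0 = not a finding, 1 = finding.

check_tpm_trusted() {
    # $1: lsmod output as text. Succeeds only if a line whose module name is
    # exactly "tpm" lists "trusted" among the modules using it.
    printf '%s\n' "$1" | awk '
        $1 == "tpm" {
            n = split($4, users, ",")
            for (i = 1; i <= n; i++) if (users[i] == "trusted") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Constructed sample outputs for offline testing.
SAMPLE_PASS='Module                  Size  Used by
tpm_crb                16384  0
tpm_tis                16384  0
tpm_tis_core           24576  1 tpm_tis
tpm                    77824  1 trusted
rng_core               16384  1 tpm'

# tpm is loaded but nothing uses it: "trusted" is absent, so this is a finding.
SAMPLE_FAIL_UNUSED='Module                  Size  Used by
tpm_tis                16384  0
tpm                    77824  0
rng_core               16384  1 tpm'

# No tpm module loaded at all: also a finding.
SAMPLE_FAIL_MISSING='Module                  Size  Used by
nfsd                  557056  1
rng_core               16384  0'

report() {
    # $1: label, $2: lsmod text. Prints the verdict for one sample.
    if check_tpm_trusted "$2"; then
        echo "$1: not a finding (tpm loaded and used by trusted)"
    else
        echo "$1: FINDING (tpm missing or not used by trusted)"
    fi
}

report sample_pass "$SAMPLE_PASS"
report sample_fail_unused "$SAMPLE_FAIL_UNUSED"
report sample_fail_missing "$SAMPLE_FAIL_MISSING"
```

On a live host the same function is driven by real output: `check_tpm_trusted "$(sudo lsmod)"`.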
Fix
Hardware TPM modules consist of a hardware chip that is built into the motherboard of the physical server. If no TPM module exists, then a new physical server is required.
For AHV, if the TPM module exists but is not "trusted", then something has been modified within AHV and the system must be rebuilt from source to correct this issue.