Checklist Summary:

The Nutanix Acropolis STIG provides technical security configuration and assessment controls for the Nutanix hyper-converged infrastructure (HCI) platform and components.The Nutanix platform is designed to simplify and modernize data center operations. It integrates compute, storage, and networking into a single software-defined solution, eliminating the need for traditional infrastructure. Nutanix clusters consist of multiple nodes, each containing compute, storage, and networking resources. These nodes work together to form a unified pool of resources. This architecture is designed to support hybrid cloud environments, enabling seamless integration with public cloud services while maintaining on-premises control.Key components of the architecture include: The Acropolis Operating System (AOS) provides a distributed storage fabric, application mobility, and virtualization capabilities. The Controller Virtual Machine (CVM) is a virtual storage appliance. CVM holds all Controller VMs and interfaces (i.e., Prism Element web console, nCLI, and SSH). The CVM is responsible for ensuring the efficient operation of the cluster by handling tasks such as resource allocation, data replication, and cluster-wide communication. It operates as a virtual machine on each node within a Nutanix cluster and serves as the control plane for managing and orchestrating the clusters resources, including storage, compute, and networking. Acropolis Hypervisor (AHV) is a built-in hypervisor that simplifies virtualization management for enterprise applications. While AHV focuses on virtualization, CVM handles the management and coordination of workloads. Prism Element is a user interface tool for CVM, providing a configuration interface for management of a single cluster. Prism Central provides a centralized management interface for monitoring and managing the entire infrastructure, including multiple Nutanix clusters from a single interface. Prism Central does not require a license for basic functionality, but advanced features (e.g., Prism Pro) may require additional licensing. Nutanix Files is included in the scope of the current STIG but is not a required component for DOD implementation. Files is a software-defined file storage solution that allows the sharing of files in a centralized and protected location to eliminate the requirement for a third-party file server. Files offerings also include File Analytics for statistics and monitoring of file servers, and the Files Manager for a unified control plane of all file servers and the deployment of file servers in Prism Central.

Checklist Role:

• Operating System

Known Issues:

Not provided.

Target Audience:

Parties within the DOD and federal governments computing environments can obtain the applicable STIG from the DOD Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a Common Access Card (CAC) that has DOD Certificates can obtain the STIG from https://public.cyber.mil/.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

This document is provided under the authority of DoDI 8500.01.

Comments/Warnings/Miscellaneous:

DISA accepts no liability for the consequences of applying specific configuration settings made based on the SRGs/STIGs. It must be noted that the configuration settings specified should be evaluated in a local, representative test environment before implementation in a production environment, especially within large user populations. The extensive variety of environments makes it impossible to test these configuration settings for all potential software configurations.For some production environments, failure to test before implementation may lead to a loss of required functionality. Evaluating the risks and benefits to a systems particular circumstances and requirements is the system owners responsibility. The evaluated risks resulting from not applying specified configuration settings must be approved by the responsible AO. Furthermore, DISA implies no warranty that the application of all specified configurations will make a system 100 percent secure.Security guidance is provided for the DOD. While other agencies and organizations are free to use it, care must be given to ensure that all applicable security guidance is applied at both the device hardening level and the architectural level due to the fact that some settings may not be configurable in environments outside the DOD architecture.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

[email protected]

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 03/03/2026