As discussed in my previous post, Nutanix NOS 4.1.1 and the SecDL, we have released three new Nutanix Security Technical Implementation Guides (STIGs) embedded within NOS 4.1.1. In this post we will take a quick look at the Nutanix methodology behind the creation of all three.
Those of you in the Federal or high-governance spaces are more than familiar with the security requirements provided by NIST and DISA: NIST's come in the form of Special Publications (SP), and DISA provides Security Requirements Guides (SRG). These are the building blocks of all STIGs and hardening guidelines in the industry. Typically a great deal of research and development goes into the documentation of these requirements by the respective parties. That being said, they are, for all intents and purposes, general purpose guidelines only. That is exactly what they are meant to be. However, we do not function daily in a world of general purpose. We need to take the general purpose and abstract it into the specific purpose for it to be truly beneficial in the data center.