32
Threat modeling is used to assess and mitigate customer
risk from code changes. SecDL testing is fully automated
during development, and all security-related code modifica-
tions are timed during minor releases to minimize risk.
The Nutanix Security Technical Implementation Guide
(STIG) is written in the eXtensible Configuration Checklist
Description Format (XCCDF), allowing it to be read by
various automated assessment tools, such as Host Based
Security System (HBSS). This provides detailed information
on how to assess a Nutanix system to determine compliance
with the STIG requirement, cutting down the accreditation
time from 9-12months to a matter of minutes.
SECURITY AUTOMATION
Acropolis uses mature and well-adopted open source tech-
nology to self-heal any deviation from the security baseline
configuration of the operating system and AHV.
Most systems are only fully secure at the time of deployment
and immediately after audit. With Nutanix, you can make
sure that your systems always adhere to your security base-
line. Deviations caused by incorrect or unauthorized changes
can be automatically corrected to maintain compliance.
