Issue link: https://insights.oneneck.com/i/1450344
CHAPTER 6 Securing Next-Generation Hyperconverged Infrastructure 49
These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Supporting Regulatory Compliance

Although security and compliance are separate topics, they are closely related, because most security and privacy regulations and standards are built on security best practices. Some examples of these regulations and standards include:

» General Data Protection Regulation (GDPR): This European Union (EU) regulation requires organizations that handle the personal data of EU residents (regardless of whether the organization itself is located in the EU) to protect the privacy of those residents, and it guarantees certain individual rights, such as the right to have inaccurate data corrected and the right to be forgotten (to have one's personal data permanently deleted).

» Health Insurance Portability and Accountability Act (HIPAA): This U.S. regulation safeguards protected health information (PHI) about individuals that is processed or stored by any covered entity, such as healthcare organizations and payment providers, among others.

» Payment Card Industry Data Security Standard (PCI DSS): This global industry standard protects the processing, transmission, and storage of payment card (credit and debit card) data.

Keeping up with secure configurations and compliance can be a big task. To take some of the compliance pressure off, Nutanix publishes custom security baseline documents based on U.S. Department of Defense (DoD) Security Technical Implementation Guides (STIGs). These configuration guides cover the entire infrastructure stack and prescribe the steps needed to secure a deployment in the field. The Nutanix baselines are based on common National Institute of Standards and Technology (NIST) standards that can be mapped to multiple regulatory requirements for government, healthcare, finance, retail, and other industries. To simplify matters further, these guides are applied in the factory and backed by built-in, automated configuration, compliance audit, and remediation functions that reduce the risk of security configuration drift or of falling out of compliance.

Nutanix also follows and complies with several security certifications and standards, including validated FIPS 140-2 cryptographic modules, National Security Agency (NSA) Suite B support (up to Top Secret), NIST SP 800-131A, and others.