Many users are unaware that there are additional (beyond what is displayed through the Prism web user-interface) configurable security-related options which can be used to increase the security settings of the controller VMs (CVMs) themselves. These options are modified using the Nutanix Command Line Interface (nCLI) of the CVMs and include some of the following items:
Enablement of an Advanced Intrusion Detection Environment (AIDE)
Enforcement of a strong password policy
Enablement of a defense knowledge consent banner
Restriction to allow only SNMP version 3
You can find more information regarding these options, including the procedures to enable/disable them, within the Hardening Controller VM section of the AOS Security Guide. Also to note, there are similar options available for Acropolis Hypervisor (AHV) hosts which are configured using the same procedures. You can find more information regarding those options within the Hardening AHV section of this same guide.