Are there official STIGs or hardening guidelines available for Sonatype Nexus Repository?

Hello,

We are currently evaluating Sonatype Nexus Repository for enterprise-wide use and are working on aligning the product with our internal security and compliance requirements.

As part of this process, we would like to understand whether there are any official or vendor-recommended STIGs (Security Technical Implementation Guides) or equivalent security hardening baselines available specifically for Sonatype Nexus Repository.

In particular, we are interested in:

  • Any official STIGs (e.g. DISA STIG or Sonatype-provided guidance)
  • Recommended security hardening guidelines or benchmarks
  • Best practices for deploying Nexus in regulated or security-sensitive environments
  • References to documentation that can be used to support internal security reviews and audits

The reason for this question is that we need to implement Nexus in a corporate environment where formal security validation and documentation are required. Having an official STIG or equivalent guidance would significantly help with internal approvals and compliance.

Any pointers, documentation links, or best‑practice recommendations would be greatly appreciated.

Thank you in advance for your support.

Regards,
Jacek

@mikojack We don’t have a STIG, specifically, but we do work with many security-sensitive customers, up to and including organizations that require completely disconnected versions of our platform. There’s a basic set of recommendations in our docs, but drop us a line if you want to discuss in more detail how to ensure your compliance needs are met.

Thanks a lot for the reply.