| V-234227 ||High ||Citrix License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS). ||Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for... |
| V-234222 ||High ||Citrix License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions. ||Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information... |
| V-234226 ||Medium ||Citrix License Server must protect the confidentiality and integrity of transmitted information. ||Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered.
This requirement... |
| V-234224 ||Medium ||Citrix License Server must protect the authenticity of communications sessions. ||Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
Application communication sessions are... |
| V-234225 ||Medium ||Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period. ||If cached authentication information is out of date, the validity of the authentication information may be questionable. |
| V-234223 ||Medium ||Citrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. ||Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured... |
| V-234228 ||Medium ||Citrix License Server must maintain the confidentiality and integrity of information during reception. ||Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggregation, at protocol transformation points, and during... |