UCF STIG Viewer Logo

Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide


Overview

Date Finding Count (7)
2021-02-01 CAT I (High): 2 CAT II (Med): 5 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-234227 High Citrix License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).
V-234222 High Citrix License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
V-234226 Medium Citrix License Server must protect the confidentiality and integrity of transmitted information.
V-234224 Medium Citrix License Server must protect the authenticity of communications sessions.
V-234225 Medium Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period.
V-234223 Medium Citrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
V-234228 Medium Citrix License Server must maintain the confidentiality and integrity of information during reception.