Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide

Overview

Version	Date	Finding Count (7)			Downloads
1	2021-02-01	CAT I (High): 2	CAT II (Med): 5	CAT III (Low): 0	Excel	JSON	XML

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC II - Mission Support Sensitive)

Finding ID	Severity	Title	Description
V-234227	High	Citrix License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).	Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for...
V-234222	High	Citrix License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions.	Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information...
V-234226	Medium	Citrix License Server must protect the confidentiality and integrity of transmitted information.	Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered. This requirement...
V-234224	Medium	Citrix License Server must protect the authenticity of communications sessions.	Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Application communication sessions are...
V-234225	Medium	Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period.	If cached authentication information is out of date, the validity of the authentication information may be questionable.
V-234223	Medium	Citrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.	Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured...
V-234228	Medium	Citrix License Server must maintain the confidentiality and integrity of information during reception.	Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggregation, at protocol transformation points, and during...