Citrix Workspace must accept Personal Identity Verification (PIV) credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-234262 | CVAD-WS-000855 | SV-234262r640183_rule | Medium |
| Description |
|---|
| The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000392 |
| STIG | Date |
|---|---|
| Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide | 2021-12-10 |
Details
| Check Text ( C-37447r640181_chk ) |
|---|
| Verify the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" is not set to "Disabled". For this setting, "Not Configured" is equivalent to "Enabled". If the "Smart card authentication" policy is set to "Disabled", this is a finding. |
| Fix Text (F-37412r640182_fix) |
|---|
| Set the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" to "Enabled" and check the "Allow smart card authentication" box. If the environment leverages PIN pass-through, also check the "Use pass-through authentication for PIN" box. |