UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

XenDesktop License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-81413 CXEN-LS-000030 SV-96127r1_rule High
Description
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection, thereby providing a degree of confidentiality. The encryption strength of the mechanism is selected based on the security categorization of the information.
STIG Date
Citrix XenDesktop 7.x License Server Security Technical Implementation Guide 2019-12-12

Details

Check Text ( C-81153r1_chk )
Open the License Management Console, click "Administration", and select the "Server Configuration" tab.

Click the "Secure Web Server Configuration" bar and verify "Select Enable HTTPS (Default 443)" is selected.

If "Select Enable HTTPS (Default 443)" is not selected, this is a finding.
Fix Text (F-88229r1_fix)
1. Copy a valid server certificate file and server certificate key file to the \\Citrix\Licensing\LS\conf\ folder of the License Server installation directory.
2. Click “Administration” and select the "Server Configuration" tab.
3. Click the "Secure Web Server Configuration" bar.
4. Select "Enable HTTPS (Default 443)".
5. Enter a port for the HTTPS communication.
6. Enter the location of the server certificate file and the server certificate key file.
7. Stop and restart the Citrix Licensing service from the services control panel of the machine running the license server.
NOTE: You may be prompted to log in after "Administration".
Port should be 8082 (or desired port from PPSM group).