UCF STIG Viewer Logo

The Horizon Connection Server must only use FIPS 140-2 validated cryptographic modules.


Finding ID Version Rule ID IA Controls Severity
V-246893 HRZV-7X-000012 SV-246893r768639_rule High
Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised due to weak algorithms or poor implementation. The Horizon Connection Server can be configured to exclusively use FIPS 140-2 validated cryptographic modules but only at installation time, not post deployment. Reference VMware documentation for up-to-date requirements for enabling FIPS in Horizon View. Satisfies: SRG-APP-000179-AS-000129, SRG-APP-000224-AS-000152, SRG-APP-000416-AS-000140
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide 2021-07-30


Check Text ( C-50325r768637_chk )
On the Horizon Connection Server, launch an elevated command prompt. Run the following commands:

# cd C:\ProgramData\VMware\VDM
# findstr /C:"Broker started in FIPS mode" log-*.txt

If the "findstr" command produces no output, this is a finding.
Fix Text (F-50279r768638_fix)
FIPS mode can only be implemented during installation. Reinstall the Horizon Connection server and select the option to enable FIPS mode (after the IP configuration).

Note: The Connection Server can only be installed in FIPS mode if Windows Server itself is running in FIPS mode.