The Horizon Connection Server must only use FIPS 140-2 validated cryptographic modules.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246893 | HRZV-7X-000012 | SV-246893r768639_rule | High |
| Description |
|---|
| Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised due to weak algorithms or poor implementation. The Horizon Connection Server can be configured to exclusively use FIPS 140-2 validated cryptographic modules but only at installation time, not post deployment. Reference VMware documentation for up-to-date requirements for enabling FIPS in Horizon View. Satisfies: SRG-APP-000179-AS-000129, SRG-APP-000224-AS-000152, SRG-APP-000416-AS-000140 |
| STIG | Date |
|---|---|
| VMware Horizon 7.13 Connection Server Security Technical Implementation Guide | 2021-07-30 |
Details
| Check Text ( C-50325r768637_chk ) |
|---|
| On the Horizon Connection Server, launch an elevated command prompt. Run the following commands: # cd C:\ProgramData\VMware\VDM # findstr /C:"Broker started in FIPS mode" log-*.txt If the "findstr" command produces no output, this is a finding. |
| Fix Text (F-50279r768638_fix) |
|---|
| FIPS mode can only be implemented during installation. Reinstall the Horizon Connection server and select the option to enable FIPS mode (after the IP configuration). Note: The Connection Server can only be installed in FIPS mode if Windows Server itself is running in FIPS mode. |