Cyber Trackr - Free Compliance Library
Cyber Trackr
The Free Compliance Library

Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide

  • Version/Release: V1R2
  • Published: 2021-12-10
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
b
Citrix Workspace must accept Personal Identity Verification (PIV) credentials.
IA-2 - Medium - CCI-001953 - V-234262 - SV-234262r640183_rule
RMF Control
IA-2
Severity
Medium
CCI
CCI-001953
Version
CVAD-WS-000855
Vuln IDs
  • V-234262
Rule IDs
  • SV-234262r640183_rule
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000392
Checks: C-37447r640181_chk

Verify the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" is not set to "Disabled". For this setting, "Not Configured" is equivalent to "Enabled". If the "Smart card authentication" policy is set to "Disabled", this is a finding.

Fix: F-37412r640182_fix

Set the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" to "Enabled" and check the "Allow smart card authentication" box. If the environment leverages PIN pass-through, also check the "Use pass-through authentication for PIN" box.