Cyber · Trackr The Free Compliance Library
⌘K
DoD Compliance · STIG

Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide

V1R2 · · · Released 27 Jan 2022 · 1 rules
Compare

Pick two releases to diff their requirements.

View

Open a previous version of this STIG.

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
Digest of Updates vs. V1R1 · 28 Jan 2021 −1

Comparison against the immediately-prior release (V1R1). Rule matching uses the Group Vuln ID. Content-change detection compares the rule’s description, check, and fix text after stripping inline markup — cosmetic-only edits aren’t flagged.

Removed rules 1

  • V-234261 High Citrix Workspace must implement DoD-approved encryption.
Sort by
b
Citrix Workspace must accept Personal Identity Verification (PIV) credentials.
IA-2 - Medium - CCI-001953 - V-234262 - SV-234262r640183_rule
RMF Control
IA-2
Severity
M
CCI
CCI-001953
Version
CVAD-WS-000855
Vuln IDs
  • V-234262
Rule IDs
  • SV-234262r640183_rule
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000392
Checks: C-37447r640181_chk

Verify the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" is not set to "Disabled". For this setting, "Not Configured" is equivalent to "Enabled". If the "Smart card authentication" policy is set to "Disabled", this is a finding.

Fix: F-37412r640182_fix

Set the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" to "Enabled" and check the "Allow smart card authentication" box. If the environment leverages PIN pass-through, also check the "Use pass-through authentication for PIN" box.