Citrix XenDesktop 7.x Delivery Controller Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]


Version / Release: V1R2

Published: 2019-03-19

Updated At: 2019-05-03 21:23:55

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements




Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-96117r1_rule CXEN-DC-000005 CCI-000054 MEDIUM Delivery Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to Denial-of-Service (DoS) attacks.
    SV-96119r1_rule CXEN-DC-000030 CCI-000068 HIGH Delivery Controller must implement DoD-approved encryption. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) c
    SV-96121r1_rule CXEN-DC-000270 CCI-000381 MEDIUM Delivery Controller must be configured to disable non-essential capabilities. It is detrimental for applications to provide or install by default functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to t
    SV-96123r1_rule CXEN-DC-001225 CCI-002450 HIGH Delivery Controller must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assuran
    SV-96125r1_rule CXEN-DC-001235 CCI-000366 MEDIUM Delivery Controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security p