Citrix XenDesktop 7.x License Server Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]


Version / Release: V1R1

Published: 2018-08-28

Updated At: 2018-10-11 21:50:11

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements




Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-96127r1_rule CXEN-LS-000030 CCI-000068 HIGH XenDesktop License Server must implement DoD-approved encryption to protect the confidentiality of remote access sessions. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) c
    SV-96129r1_rule CXEN-LS-000135 CCI-000171 MEDIUM XenDesktop License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming th
    SV-96131r1_rule CXEN-LS-000480 CCI-001184 MEDIUM XenDesktop License Server must protect the authenticity of communications sessions. Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions. Application communication sessions are protected using transport encryption protocols, such as SSL or TL
    SV-96133r1_rule CXEN-LS-000880 CCI-002007 MEDIUM XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period. If cached authentication information is out of date, the validity of the authentication information may be questionable.
    SV-96135r1_rule CXEN-LS-001000 CCI-002418 MEDIUM XenDesktop License Server must protect the confidentiality and integrity of transmitted information. Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered. This requirement applies only to applications that are distributed or can allow
    SV-96137r1_rule CXEN-LS-001005 CCI-002421 HIGH XenDesktop License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS). Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions that have common applicati
    SV-96139r1_rule CXEN-LS-001015 CCI-002422 MEDIUM XenDesktop License Server must maintain the confidentiality and integrity of information during reception. Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromis