Skip to content

Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000090

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

    &lt;VulnDiscussion&gt;Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel...
    Rule Medium Severity
  • SRG-APP-000219

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must protect the authenticity of communications sessions.

    &lt;VulnDiscussion&gt;Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false in...
    Rule Medium Severity
  • SRG-APP-000400

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period.

    &lt;VulnDiscussion&gt;If cached authentication information is out of date, the validity of the authentication information may be questionable.&lt;/...
    Rule Medium Severity
  • SRG-APP-000439

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must protect the confidentiality and integrity of transmitted information.

    &lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communi...
    Rule Medium Severity
  • SRG-APP-000440

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).

    &lt;VulnDiscussion&gt;Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mec...
    Rule High Severity
  • SRG-APP-000442

    <GroupDescription></GroupDescription>
    Group
  • Citrix License Server must maintain the confidentiality and integrity of information during reception.

    &lt;VulnDiscussion&gt;Information can be unintentionally or maliciously disclosed or modified during reception including, for example, during aggre...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules