VMware Horizon 7.13 Agent Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must only run allowed scripts on user connect.
<VulnDiscussion>The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must only run allowed scripts on user disconnect.
<VulnDiscussion>The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must only run allowed scripts on user reconnect.
<VulnDiscussion>The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must check the entire chain when validating certificates.
<VulnDiscussion>Any time the Horizon Agent establishes an outgoing TLS connection, it verifies the server certificate revocation status. By d...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must set an idle timeout.
<VulnDiscussion>Idle sessions are at increased risk of being hijacked. If a user has stepped away from their desk and is no long in positive ...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must block server to client clipboard actions for Blast.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must block server to client clipboard actions for PCoIP.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must not allow file transfers through HTML Access.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must not allow drag and drop for Blast.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must not allow drag and drop for PCoIP.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must audit clipboard actions for Blast.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent must audit clipboard actions for PCoIP.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Agent desktops must not allow client drive redirection.
<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...Rule Medium Severity -
The Horizon Agent must block USB mass storage.
<VulnDiscussion>The Horizon Agent has the capability to granularly control what, if any, USB devices are allowed to be passed from the local ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.