VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-AS-000237
Group -
The PCoIP Secure Gateway must be configured with a DoD-issued TLS certificate.
The DoD will only accept PKI certificates obtained from a DoD-approved internal or external certificate authority (CA). If the CA used for verifying the certificate is not a DoD-approved CA, trust ...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
The Horizon Connection Server must not allow unauthenticated access.
When the Horizon native smart card capability is not set to "Required", the option for "Unauthenticated Access" is enabled. This would be true in the case of an external IdP providing authenticatio...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
The Horizon Connection Server must be configured to restrict USB passthrough access.
One of the many benefits of VDI is the separation of the end user from the "desktop" they are accessing. This helps mitigate the risks imposed by physical access. In a traditional desktop scenario,...Rule Medium Severity -
SRG-APP-000516-AS-000237
Group -
The Horizon Connection Server must prevent MIME type sniffing.
MIME types define how a given type of file is intended to be processed by the browser. Modern browsers are capable of determining the content type of a file by byte headers and content inspection a...Rule Medium Severity -
SRG-APP-000456-AS-000266
Group -
All Horizon components must be running supported versions.
Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (incl...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.