The Horizon Agent must audit clipboard actions for PCoIP.

An XCCDF Rule

Description

<VulnDiscussion>Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing flows over channels that are for that explicit purpose and monitored appropriately. By default, the PCoIP protocol on the Horizon Agent will block clipboard "copy/paste" actions from the desktop to the client but allow actions from the client to the desktop. All such allowed actions must be audited for potential future forensic purposes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-246872r768576_rule
Severity: Medium
References: CCI-000366
Updated: about 1 year ago

Ensure the vdm_agent*.admx templates are added. Open the "Group Policy Management" MMC snap-in. Open the site-specific GPO applying Horizon settings to the VDI desktops or RDS hosts.

Navigate to Computer Configuration >> Policies >> Administrative Templates >> PCoIP Session Variables >> Overridable Administrator Settings. Double-click the "Configure clipboard audit" setting.

Click the radio button next to "Enabled".
In the drop-down under "Configure clipboard audit", select "Enabled in both directions". Click "OK".

The Horizon Agent must audit clipboard actions for PCoIP.

Description

Remediation - Manual Procedure