Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
SRG-APP-000220-AS-000148
SRG-APP-000220-AS-000148
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000220-AS-000148
1 Rule
<GroupDescription></GroupDescription>
The Horizon Connection Server must time out administrative sessions after 15 minutes or less.
Medium Severity
<VulnDiscussion>If communications sessions remain open for extended periods of time even when unused, there is the potential for an adversary to hijack the session and use it to gain access to the system. Horizon 7 Console sessions can and must be limited in the amount of idle time that will be allowed before automatic logoff. By default, 30 minutes of idle time is allowed but this must be changed to 15 minutes or less for DoD systems. This configuration must be verified and maintained over time. Satisfies: SRG-APP-000220-AS-000148, SRG-APP-000295-AS-000263, SRG-APP-000389-AS-000253</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>