Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
SRG-APP-000516-AS-000237
SRG-APP-000516-AS-000237
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000516-AS-000237
1 Rule
<GroupDescription></GroupDescription>
The Horizon Connection Server must disconnect users after a maximum of ten hours.
Medium Severity
<VulnDiscussion>Horizon Connection Server is intended to provide remote desktops and applications, generally during working hours and for no more than an extended workday. Leaving sessions active for more than what is reasonable for a work day leaves open the possibility of a session becoming unoccupied and insecure on the client side. For example, if a client connection is opened at 0900, there are few day-to-day reasons that the connection should still be open after 1900, therefore the connection must be terminated. If the user is still active, they can reauthenticate immediately and get back on for another ten hours.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>