Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
SRG-APP-000516-AS-000237
The Horizon Connection Server must disconnect users after a maximum of ten hours.
The Horizon Connection Server must disconnect users after a maximum of ten hours.
An XCCDF Rule
Details
Profiles
Prose
The Horizon Connection Server must disconnect users after a maximum of ten hours.
Medium Severity
<VulnDiscussion>Horizon Connection Server is intended to provide remote desktops and applications, generally during working hours and for no more than an extended workday. Leaving sessions active for more than what is reasonable for a work day leaves open the possibility of a session becoming unoccupied and insecure on the client side. For example, if a client connection is opened at 0900, there are few day-to-day reasons that the connection should still be open after 1900, therefore the connection must be terminated. If the user is still active, they can reauthenticate immediately and get back on for another ten hours.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>