Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must only run allowed scripts on user connect.

    &lt;VulnDiscussion&gt;The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must only run allowed scripts on user disconnect.

    &lt;VulnDiscussion&gt;The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must only run allowed scripts on user reconnect.

    &lt;VulnDiscussion&gt;The Horizon Agent has the capability to run scripts on user connect, disconnect, and reconnect. While this can be useful in s...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must check the entire chain when validating certificates.

    &lt;VulnDiscussion&gt;Any time the Horizon Agent establishes an outgoing TLS connection, it verifies the server certificate revocation status. By d...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must set an idle timeout.

    &lt;VulnDiscussion&gt;Idle sessions are at increased risk of being hijacked. If a user has stepped away from their desk and is no long in positive ...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must block server to client clipboard actions for Blast.

    &lt;VulnDiscussion&gt;Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must block server to client clipboard actions for PCoIP.

    &lt;VulnDiscussion&gt;Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must not allow file transfers through HTML Access.

    &lt;VulnDiscussion&gt;Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must not allow drag and drop for Blast.

    &lt;VulnDiscussion&gt;Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • The Horizon Agent must not allow drag and drop for PCoIP.

    &lt;VulnDiscussion&gt;Data loss prevention is a primary concern for the DoD, maintaining positive control of data at all times and only allowing fl...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules