I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must have Origin Checking enabled.
<VulnDiscussion>RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default on the Horizon Connection ...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must enable the Content Security Policy.
<VulnDiscussion>The Horizon Connection Server Content Security Policy (CSP) feature mitigates a broad class of content injection vulnerabilit...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must enable the proper Content Security Policy directives.
<VulnDiscussion>The Horizon Connection Server Content Security Policy (CSP) feature mitigates a broad class of content injection vulnerabilit...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The PCoIP Secure Gateway must be configured with a DoD-issued TLS certificate.
<VulnDiscussion>The DoD will only accept PKI certificates obtained from a DoD-approved internal or external certificate authority (CA). If th...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must not allow unauthenticated access.
<VulnDiscussion>When the Horizon native smart card capability is not set to "Required", the option for "Unauthenticated Access" is enabled. T...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must require CAC reauthentication after user idle timeouts.
<VulnDiscussion>If a user VDI session times out due to activity, the user must be assumed to not be active and have their resource locked. Th...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must be configured to restrict USB passthrough access.
<VulnDiscussion>One of the many benefits of VDI is the separation of the end user from the "desktop" they are accessing. This helps mitigate ...Rule Medium Severity -
SRG-APP-000516-AS-000237
<GroupDescription></GroupDescription>Group -
The Horizon Connection Server must prevent MIME type sniffing.
<VulnDiscussion>MIME types define how a given type of file is intended to be processed by the browser. Modern browsers are capable of determi...Rule Medium Severity -
SRG-APP-000456-AS-000266
<GroupDescription></GroupDescription>Group -
All Horizon components must be running supported versions.
<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products t...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.