Check: CVAD-LS-000880
Citrix Virtual Apps and Desktop 7.x License Server STIG:
CVAD-LS-000880
(in version v1 r1)
Title
Citrix License Server must prohibit the use of cached authenticators after an organization-defined time period. (Cat II impact)
Discussion
If cached authentication information is out of date, the validity of the authentication information may be questionable.
Check Content
1. Click "Administration" and select the "Server Configuration" tab. 2. Click the "Web Server Configuration" bar and "Session Timeout". 3. Verify Session Timeout is set to “10”. If Session Timeout is not set to “10”, this is a finding.
Fix Text
1. Click "Administration" and select the "Server Configuration" tab. 2. Click the Web Server Configuration bar. 3. For Session Timeout, enter the value of “10” (minutes).
Additional Identifiers
Rule ID: SV-234225r628795_rule
Vulnerability ID: V-234225
Group Title: SRG-APP-000400
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002007 |
The information system prohibits the use of cached authenticators after an organization-defined time period. |
Controls
Number | Title |
---|---|
IA-5 (13) |
Expiration Of Cached Authenticators |