Check: CXEN-LS-000880
Citrix XenDesktop 7.x License Server STIG:
CXEN-LS-000880
(in versions v1 r3 through v1 r1)
Title
XenDesktop License Server must prohibit the use of cached authenticators after an organization-defined time period. (Cat II impact)
Discussion
If cached authentication information is out of date, the validity of the authentication information may be questionable.
Check Content
1. Click "Administration" and select the "Server Configuration" tab. 2. Click the "Web Server Configuration" bar and "Session Timeout". 3. Verify Session Timeout is set to “10”. If Session Timeout is not set to “10”, this is a finding.
Fix Text
1. Click "Administration" and select the "Server Configuration" tab. 2. Click the Web Server Configuration bar. 3. For Session Timeout, enter the value of “10” (minutes).
Additional Identifiers
Rule ID: SV-96133r1_rule
Vulnerability ID: V-81419
Group Title: SRG-APP-000400
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002007 |
The information system prohibits the use of cached authenticators after an organization-defined time period. |
Controls
Number | Title |
---|---|
IA-5 (13) |
Expiration Of Cached Authenticators |