Check: CXEN-SF-000855
Citrix XenDesktop v7.x StoreFront STIG: CXEN-SF-000855 (in version v1 r1)
Title
XenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials. (Cat II impact)
Discussion
The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.
Satisfies: SRG-APP-000391, SRG-APP-000033, SRG-APP-000392, SRG-APP-000439, SRG-APP-000440, SRG-APP-000442
Check Content
Open the Citrix StoreFront management console. Select the "Store" node in the left pane. In the "Actions" pane, click "Manage Authentication Methods". Select only the "Smart Card" method. If the "Smart Card" method is not selected or if other methods are selected, this is a finding.
Note: If a NetScaler Gateway is handling authentication, "Pass-through from NetScaler Gateway" may also be selected; this is not a finding.
Fix Text
From the Citrix StoreFront management console >> Store node >> Actions pane >> Manage Authentication Methods, select only the "Smart Card" method.
Additional Identifiers
Rule ID: SV-96145r1_rule
Vulnerability ID: V-81431
Group Title: SRG-APP-000391
CCIs
Number | Definition |
---|---|
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
CCI-001953 | The information system accepts Personal Identity Verification (PIV) credentials. |
CCI-001954 | The information system electronically verifies Personal Identity Verification (PIV) credentials. |
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information. |
CCI-002421 | The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards. |
CCI-002422 | The information system maintains the confidentiality and/or integrity of information during reception. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |
IA-2 (12) | Acceptance Of PIV Credentials |
SC-8 | Transmission Confidentiality And Integrity |
SC-8 (1) | Cryptographic Or Alternate Physical Protection |
SC-8 (2) | Pre / Post Transmission Handling |