STIGQter: STIG Summary: Citrix Virtual Apps and Desktop 7.x StoreFront Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials.

DISA Rule

SV-234252r628797_rule

Vulnerability Number

V-234252

Group Title

SRG-APP-000391

Rule Version

CVAD-SF-000855

Severity

CAT II

CCI(s)

CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
CCI-001953 - The information system accepts Personal Identity Verification (PIV) credentials.
CCI-001954 - The information system electronically verifies Personal Identity Verification (PIV) credentials.
CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

Fix Recommendation

Open the Citrix StoreFront management console and select the "Store" node in the left pane.
For each Store listed, select the store and perform the following:
1) From the Actions menu item, click "Manage Authentication Methods".
2) Check "Smart card" and uncheck any other authentication methods. If using remote access, select "Pass-through from NetScaler Gateway".

Check Contents

Open the Citrix StoreFront management console and select the "Store" node in the left pane.
For each Store listed, select the store and perform the following:
1) From the Actions menu item, click "Manage Authentication Methods".
2) Ensure only "Smart card" is selected. If using remote access "Pass-through from NetScaler Gateway" may also be selected.

If the "Smart Card" method is not selected, or if other methods are selected, this is a finding.
If "Pass-through from NetScaler Gateway" is selected, this is not a finding.

Vulnerability Number

V-234252

Documentable

False

Rule Version

CVAD-SF-000855

Severity Override Guidance

Open the Citrix StoreFront management console and select the "Store" node in the left pane.
For each Store listed, select the store and perform the following:
1) From the Actions menu item, click "Manage Authentication Methods".
2) Ensure only "Smart card" is selected. If using remote access "Pass-through from NetScaler Gateway" may also be selected.

If the "Smart Card" method is not selected, or if other methods are selected, this is a finding.
If "Pass-through from NetScaler Gateway" is selected, this is not a finding.

Check Content Reference

Target Key

5264

Citrix StoreFront server must accept Personal Identity Verification (PIV) credentials.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments