STIGQter: STIG Summary: Citrix Virtual Apps and Desktop 7.x Linux Virtual Delivery Agent Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

The application must initiate a session lock after a 15-minute period of inactivity.

DISA Rule

SV-234256r628796_rule

Vulnerability Number

V-234256

Group Title

SRG-APP-000003

Rule Version

LVDA-VD-000015

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Set value for Idle Timer
/opt/Citrix/VDA/bin/ctxreg update -k "HKLM\System\CurrentControlSet\Control\Citrix\WinStations\cgp" -v "MaxIdleTime" -d "0x0000000F"
/opt/Citrix/VDA/bin/ctxreg update -k "HKLM\System\CurrentControlSet\Control\Citrix\WinStations\tcp" -v "MaxIdleTime" -d "0x0000000F"
/opt/Citrix/VDA/bin/ctxreg update -k "HKLM\System\CurrentControlSet\Control\Citrix\WinStations\ssl" -v "MaxIdleTime" -d "0x0000000F"
where "0x0000000F" is hexadecimal for 15

Check Contents

All timer values are defined in the registration table. Retrieve current value using the following command:

/opt/Citrix/VDA/bin/ctxreg,

/opt/Citrix/VDA/bin/ctxreg dump |grep MaxIdleTime

If MaxIdleTime is not set to "15 minutes" or less, this is a finding.

Vulnerability Number

V-234256

Documentable

False

Rule Version

LVDA-VD-000015

Severity Override Guidance

All timer values are defined in the registration table. Retrieve current value using the following command:

/opt/Citrix/VDA/bin/ctxreg,

/opt/Citrix/VDA/bin/ctxreg dump |grep MaxIdleTime

If MaxIdleTime is not set to "15 minutes" or less, this is a finding.

Check Content Reference

M

Target Key

5266

Comments