STIGQter STIGQter: STIG Summary: Citrix Virtual Apps and Desktop 7.x Delivery Controller Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

Citrix Delivery Controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

DISA Rule

SV-234569r628794_rule

Vulnerability Number

V-234569

Group Title

SRG-APP-000516

Rule Version

CVAD-DC-001235

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure that Citrix Delivery Controller and all other infrastructure server components are installable and manageable by authorized administrative accounts, the following policies must be modified:

Go to Computer Configuration Policies >> Windows Settings >> Security Settings >> Local Policies/User Rights Assignment.
1. Edit "Allow log on locally".
2. Edit "Shut down the system".
3. Change both settings to the global security group name containing the XenApp or CVAD administrators.

Check Contents

To verify that Citrix Delivery Controller and all other infrastructure server components are installable and manageable by authorized administrative accounts, the following policies must be modified:

Go to Computer Configuration Policies >> Windows Settings >> Security Settings >> Local Policies/User Rights Assignment.

Verify policy settings "Allow log on locally" and "Shut down the system" are both set to the global security group name containing the XenApp or CVAD administrators.

If they are not, this is a finding.

Vulnerability Number

V-234569

Documentable

False

Rule Version

CVAD-DC-001235

Severity Override Guidance

To verify that Citrix Delivery Controller and all other infrastructure server components are installable and manageable by authorized administrative accounts, the following policies must be modified:

Go to Computer Configuration Policies >> Windows Settings >> Security Settings >> Local Policies/User Rights Assignment.

Verify policy settings "Allow log on locally" and "Shut down the system" are both set to the global security group name containing the XenApp or CVAD administrators.

If they are not, this is a finding.

Check Content Reference

M

Target Key

5270

Comments