STIGQter: STIG Summary: Citrix XenDesktop v7.x StoreFront Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

XenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials.

DISA Rule

SV-96145r1_rule

Vulnerability Number

V-81431

Group Title

SRG-APP-000391

Rule Version

CXEN-SF-000855

Severity

CAT II

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
• CCI-001953 - The information system accepts Personal Identity Verification (PIV) credentials.
• CCI-001954 - The information system electronically verifies Personal Identity Verification (PIV) credentials.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.
• CCI-002421 - The information system implements cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by organization-defined alternative physical safeguards.
• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

From the Citrix StoreFront management console >> Store node >> Actions pane >> Manage Authentication Methods, select only the "Smart Card" method.

Check Contents

Open the Citrix StoreFront management console.

Select the "Store" node in the left pane.

In the "Actions" pane, click "Manage Authentication Methods".

Select only the "Smart Card" method.

If the "Smart Card" method is not selected or if other methods are selected, this is a finding.

Note: If a NetScaler Gateway is handling authentication, "Pass-through from NetScaler Gateway" may also be selected, this is not a finding.

Vulnerability Number

V-81431

Documentable

False

Rule Version

CXEN-SF-000855

Severity Override Guidance

Open the Citrix StoreFront management console.

Select the "Store" node in the left pane.

In the "Actions" pane, click "Manage Authentication Methods".

Select only the "Smart Card" method.

If the "Smart Card" method is not selected or if other methods are selected, this is a finding.

Note: If a NetScaler Gateway is handling authentication, "Pass-through from NetScaler Gateway" may also be selected, this is not a finding.

Check Content Reference

M

Target Key

3295

Comments