VMware Horizon 7.13 Connection Server Security Technical Implementation Guide


Overview

Date: 2021-07-30
Finding Count (35): CAT I (High): 6, CAT II (Med): 29, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-246885 High The Horizon Connection Server must force server cipher preference.
V-246884 High The Blast Secure Gateway must be configured to only support TLS 1.2 connections.
V-246883 High The Horizon Connection Server must be configured to only support TLS 1.2 connections.
V-246888 High The Horizon Connection Server must require DoD PKI for administrative logins.
V-246916 High All Horizon components must be running supported versions.
V-246893 High The Horizon Connection Server must only use FIPS 140-2 validated cryptographic modules.
V-246906 Medium The Horizon Connection Server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
V-246907 Medium The Horizon Connection Server must have X-Frame-Options enabled.
V-246904 Medium The Horizon Connection Server must backup its configuration daily.
V-246905 Medium The Horizon Connection Server Instant Clone domain account must be configured with limited permissions.
V-246902 Medium The Horizon Connection Server must not accept pass-through client credentials.
V-246903 Medium The Horizon Connection Server must require DoD PKI for client logins.
V-246900 Medium The Horizon Connection Server must disconnect applications after two hours of idle time.
V-246901 Medium The Horizon Connection Server must discard SSO credentials after 15 minutes.
V-246908 Medium The Horizon Connection Server must have Origin Checking enabled.
V-246909 Medium The Horizon Connection Server must enable the Content Security Policy.
V-246887 Medium The Horizon Connection Server administrators must be limited in terms of quantity, scope, and permissions.
V-246886 Medium The Horizon Connection Server must be configured to debug level logging.
V-246882 Medium The Horizon Connection Server must limit the number of concurrent client sessions.
V-246889 Medium The Horizon Connection Server must be configured with an events database.
V-246911 Medium The PCoIP Secure Gateway must be configured with a DoD-issued TLS certificate.
V-246910 Medium The Horizon Connection Server must enable the proper Content Security Policy directives.
V-246913 Medium The Horizon Connection Server must require CAC reauthentication after user idle timeouts.
V-246912 Medium The Horizon Connection Server must not allow unauthenticated access.
V-246915 Medium The Horizon Connection Server must prevent MIME type sniffing.
V-246914 Medium The Horizon Connection Server must be configured to restrict USB passthrough access.
V-246894 Medium The Horizon Connection Server must time out administrative sessions after 15 minutes or less.
V-246895 Medium The Horizon Connection Server must protect log files from unauthorized access.
V-246896 Medium The Horizon Connection Server must offload events to a central log server in real time.
V-246897 Medium The Horizon Connection Server must be configured with a DoD-issued TLS certificate.
V-246890 Medium The Horizon Connection Server must limit access to the global configuration privilege.
V-246891 Medium The Horizon Connection Server must perform full path validation on server-to-server TLS connection certificates.
V-246892 Medium The Horizon Connection Server must validate client and administrator certificates.
V-246898 Medium The Horizon Connection Server must reauthenticate users after a network interruption.
V-246899 Medium The Horizon Connection Server must disconnect users after a maximum of ten hours.