Citrix XenDesktop 7.x STIG 1.0 Checklist Details (Checklist Revisions)
The Citrix XenDesktop 7.x Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. This document is meant for use in conjunction with other STIGs such as the Enclave, Network Infrastructure, Microsoft IIS, SQL, Active Directory, and appropriate Windows Operating System STIGs.
The Citrix XenDesktop 7.x STIG is composed of five subcomponent STIGs. The following is a brief description of each. All component STIGs must be applied to the Citrix XenDesktop 7.x environment:
• StoreFront – Installed on a Windows server in the data center, StoreFront gives users access to the virtual desktops and applications that they are authorized to use. Users log on to StoreFront through Citrix Receiver. StoreFront retrieves an Independent Computing Architecture (ICA) file containing the information required for user to connect to the Virtual Delivery Agent (VDA) for access to an authorized virtual desktop or application.
• Receiver – Runs on a client endpoint to securely display the application or desktop running in the data center or cloud, including optimized multimedia.
• License Server – Installed on a Windows server in the data center, this maintains the licenses for Citrix products through an administration interface to license services.
• Delivery Controller – Installed on servers in the data center, the Delivery Controller authenticates users and administrators, manages the assembly of desktop users’ virtual desktop environments, and brokers connections between users and their virtual desktops and applications.
• Windows Virtual Delivery Agent – VDAs are installed on the machines inside the data center that host virtual desktops and applications that are available to users. VDAs enable direct ICA connections between a user device and these virtual desktops and applications.
- Specialized Security-Limited Functionality (SSLF)
Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is http://iase.disa.mil/.
updated to FINAL -10/15/18
Updated to v1,r2 - 4/30/19
Updated URLs - 6/5/19
NIST checklist record last modified on 06/05/2019