{"stig":{"title":"Citrix XenDesktop v7.x StoreFront Security Technical Implementation Guide","version":"1","release":"1"},"checks":[{"vulnId":"V-81431","ruleId":"SV-96145r1_rule","severity":"medium","ruleTitle":"XenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials.","description":"The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.<br /><br />DoD has mandated the use of the CAC to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.<br /><br />Satisfies: SRG-APP-000391, SRG-APP-000033, SRG-APP-000392, SRG-APP-000439, SRG-APP-000440, SRG-APP-000442","checkContent":"Open the Citrix StoreFront management console.<br /><br />Select the \"Store\" node in the left pane.<br /><br />In the \"Actions\" pane, click \"Manage Authentication Methods\".<br /><br />Select only the \"Smart Card\" method.<br /><br />If the \"Smart Card\" method is not selected or if other methods are selected, this is a finding.<br /><br />Note: If a NetScaler Gateway is handling authentication, \"Pass-through from NetScaler Gateway\" may also be selected, this is not a finding.","fixText":"From the Citrix StoreFront management console >> Store node >> Actions pane >> Manage Authentication Methods, select only the \"Smart Card\" method.","ccis":["CCI-000213"]}]}