← Back to Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide

V-234262

CAT II (Medium)

Citrix Workspace must accept Personal Identity Verification (PIV) credentials.

Rule ID

SV-234262r961494_rule

STIG

Citrix Virtual Apps and Desktop 7.x Workspace App Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-001953, CCI-001954

Discussion

The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the Common Access Card (CAC) to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems. Satisfies: SRG-APP-000391, SRG-APP-000392

Check Content

Verify the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" is not set to "Disabled". For this setting, "Not Configured" is equivalent to "Enabled".

If the "Smart card authentication" policy is set to "Disabled", this is a finding.

Fix Text

Set the policy value for Administrative Templates >> Citrix Components >> Citrix Workspace >> User authentication >> "Smart card authentication" to "Enabled" and check the "Allow smart card authentication" box. 

If the environment leverages PIN pass-through, also check the "Use pass-through authentication for PIN" box.