
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

Version: V1R2
Benchmark ID: VMware_Horizon_7-13_Connection_Server_STIG
Total Checks: 35
Tags: vmware
Severity: CAT I: 6, CAT II: 29, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (35)

  • V-246882 (MEDIUM): The Horizon Connection Server must limit the number of concurrent client sessions.
  • V-246883 (HIGH): The Horizon Connection Server must be configured to only support TLS 1.2 connections.
  • V-246884 (HIGH): The Blast Secure Gateway must be configured to only support TLS 1.2 connections.
  • V-246885 (HIGH): The Horizon Connection Server must force server cipher preference.
  • V-246886 (MEDIUM): The Horizon Connection Server must be configured to debug level logging.
  • V-246887 (MEDIUM): The Horizon Connection Server administrators must be limited in terms of quantity, scope, and permissions.
  • V-246888 (HIGH): The Horizon Connection Server must require DoD PKI for administrative logins.
  • V-246889 (MEDIUM): The Horizon Connection Server must be configured with an events database.
  • V-246890 (MEDIUM): The Horizon Connection Server must limit access to the global configuration privilege.
  • V-246891 (MEDIUM): The Horizon Connection Server must perform full path validation on server-to-server TLS connection certificates.
  • V-246892 (MEDIUM): The Horizon Connection Server must validate client and administrator certificates.
  • V-246893 (HIGH): The Horizon Connection Server must only use FIPS 140-2 validated cryptographic modules.
  • V-246894 (MEDIUM): The Horizon Connection Server must time out administrative sessions after 15 minutes or less.
  • V-246895 (MEDIUM): The Horizon Connection Server must protect log files from unauthorized access.
  • V-246896 (MEDIUM): The Horizon Connection Server must offload events to a central log server in real time.
  • V-246897 (MEDIUM): The Horizon Connection Server must be configured with a DoD-issued TLS certificate.
  • V-246898 (MEDIUM): The Horizon Connection Server must reauthenticate users after a network interruption.
  • V-246899 (MEDIUM): The Horizon Connection Server must disconnect users after a maximum of ten hours.
  • V-246900 (MEDIUM): The Horizon Connection Server must disconnect applications after two hours of idle time.
  • V-246901 (MEDIUM): The Horizon Connection Server must discard SSO credentials after 15 minutes.
  • V-246902 (MEDIUM): The Horizon Connection Server must not accept pass-through client credentials.
  • V-246903 (MEDIUM): The Horizon Connection Server must require DoD PKI for client logins.
  • V-246904 (MEDIUM): The Horizon Connection Server must backup its configuration daily.
  • V-246905 (MEDIUM): The Horizon Connection Server Instant Clone domain account must be configured with limited permissions.
  • V-246906 (MEDIUM): The Horizon Connection Server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
  • V-246907 (MEDIUM): The Horizon Connection Server must have X-Frame-Options enabled.
  • V-246908 (MEDIUM): The Horizon Connection Server must have Origin Checking enabled.
  • V-246909 (MEDIUM): The Horizon Connection Server must enable the Content Security Policy.
  • V-246910 (MEDIUM): The Horizon Connection Server must enable the proper Content Security Policy directives.
  • V-246911 (MEDIUM): The PCoIP Secure Gateway must be configured with a DoD-issued TLS certificate.
  • V-246912 (MEDIUM): The Horizon Connection Server must not allow unauthenticated access.
  • V-246913 (MEDIUM): The Horizon Connection Server must require CAC reauthentication after user idle timeouts.
  • V-246914 (MEDIUM): The Horizon Connection Server must be configured to restrict USB passthrough access.
  • V-246915 (MEDIUM): The Horizon Connection Server must prevent MIME type sniffing.
  • V-246916 (HIGH): All Horizon components must be running supported versions.