Citrix XenDesktop 7.x STIG 1.0 Checklist Details

Supporting Resources:


Target CPE Name
Citrix XenDesktop 7.x cpe:/a:citrix:xendesktop:7.0

Checklist Highlights

Checklist Name:
Citrix XenDesktop 7.x STIG
Checklist ID:
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The Citrix XenDesktop 7.x Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. This document is meant for use in conjunction with other STIGs such as the Enclave, Network Infrastructure, Microsoft IIS, SQL, Active Directory, and appropriate Windows Operating System STIGs.

The Citrix XenDesktop 7.x STIG is composed of five subcomponent STIGs. The following is a brief description of each. All component STIGs must be applied to the Citrix XenDesktop 7.x environment:

  • StoreFront – Installed on a Windows server in the data center, StoreFront gives users access to the virtual desktops and applications that they are authorized to use. Users log on to StoreFront through Citrix Receiver. StoreFront retrieves an Independent Computing Architecture (ICA) file containing the information required for the user to connect to the Virtual Delivery Agent (VDA) for access to an authorized virtual desktop or application.
  • Receiver – Runs on a client endpoint to securely display the application or desktop running in the data center or cloud, including optimized multimedia.
  • License Server – Installed on a Windows server in the data center, this maintains the licenses for Citrix products through an administration interface to license services.
  • Delivery Controller – Installed on servers in the data center, the Delivery Controller authenticates users and administrators, manages the assembly of desktop users’ virtual desktop environments, and brokers connections between users and their virtual desktops and applications.
  • Windows Virtual Delivery Agent – VDAs are installed on the machines inside the data center that host virtual desktops and applications that are available to users. VDAs enable direct ICA connections between a user device and these virtual desktops and applications.

Checklist Role:

  • Virtualization Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoDI 8500.01


Not provided.


Not provided.

Product Support:

Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is

Point of Contact:


Not provided.


Not provided.

Change History:

Updated to FINAL - 10/15/18
Updated to v1,r2 - 4/30/19
Updated URLs - 6/5/19
Updated URL - 9/17/19
Updated URLs per DISA - 1/21/2020
Updated URLs per DISA - 4/24/2020


NIST checklist record last modified on 04/24/2020