STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

V-246913

CAT II (Medium)

The Horizon Connection Server must require CAC reauthentication after user idle timeouts.

Rule ID

SV-246913r879887_rule

STIG

VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

If a user VDI session times out due to activity, the user must be assumed to not be active and have their resource locked. These resources should only be made available again upon the user reauthenticating versus reusing the initial connection. This ensures that the connection has not been hijacked and re-stablishes nonrepudiation.

Check Content

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Locate the "Enable 2-Factor Reauthentication" setting.

If the "Enable 2-Factor Reauthentication" setting is set to "No", this is a finding.

Fix Text

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Click "Edit". Select the checkbox next to "Enable 2-Factor Reauthentication". Click "OK".