STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

V-246901

CAT II (Medium)

The Horizon Connection Server must discard SSO credentials after 15 minutes.

Rule ID

SV-246901r879887_rule

STIG

VMware Horizon 7.13 Connection Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

Horizon Connection Server caches user credentials temporarily to ensure that the user can connect to their desktop pools without reauthenticating, right after logging in to the broker. However, this grace period must be restricted so that SSO credentials are only retained for 15 minutes before being discarded. Subsequent desktop connection attempts will require reauthentication, even if the user is still connected to the broker.

Check Content

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Locate the "Discard SSO credentials" setting.

If the "Discard SSO Credentials" setting is set to "Never", this is a finding.

If the "Discard SSO Credentials" setting is set to greater than "15 minutes", this is a finding.

Fix Text

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Click "Edit". Next to "Discard SSO Credentials", select "After" from the dropdown and fill in "15" minutes in the text field. Click "OK".