Forum Discussion
New Citrix Application Delivery Compliance Plugin and Audits
Summary
Customers can now measure the compliance of Citrix Application Delivery devices with new plugin ID 154868 on Tenable.io and Nessus. The plugin will be published with a new credential type: Citrix NITRO API. It retrieves target data through the Citrix NITRO API and evaluates the actual values against a given audit policy. All data retrieval and communication take place over the NITRO API. SSH is neither needed nor used by the Citrix compliance plugin.
Target Release Date
December 20, 2021
Additional Notes
Two Tenable Best Practice audits will be released along with the plugin:
- Tenable Best Practices Citrix ADC, for Application Delivery Controllers
- Tenable Best Practices Citrix ADM, for Application Delivery Managers
These audits check for many common security items: password configurations, time synchronization settings, user sessions and lockouts, logging, and more.
Example audit structure
<check_type: "Citrix_Application_Delivery">
  <custom_item>
    type           : REST_API
    description    : "ADC ARP Spoofing"
    request        : "ADCgetARPparam"
    json_transform : ".arpparam.spoofvalidation"
    regex          : "(ENABLED|DISABLED)"
    expect         : "ENABLED"
  </custom_item>
</check_type>
The 'request' tag references a specific API endpoint for data retrieval. The 'json_transform' tag selects specific parts of the returned data. The 'regex' and 'expect' tags then further filter and evaluate that data to produce a passing or failing result.
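To make the request, json_transform, regex and expect pipeline concrete, here is an added illustration in Python; it is not Tenable's plugin code. The response bodies are constructed samples of an assumed shape, the path resolver handles only plain dotted paths, and matching 'expect' against the whole regex match is an assumption about how the two tags combine.

```python
import json
import re

# The custom_item from the example audit, reduced to its key/value lines.
AUDIT_ITEM = '''
type : REST_API
description : "ADC ARP Spoofing"
request : "ADCgetARPparam"
json_transform : ".arpparam.spoofvalidation"
regex : "(ENABLED|DISABLED)"
expect : "ENABLED"
'''
# Constructed sample responses (assumed shape, not captured from a device).
SAMPLES = {
    "compliant": '{"errorcode": 0, "arpparam": {"spoofvalidation": "ENABLED"}}',
    "disabled": '{"errorcode": 0, "arpparam": {"spoofvalidation": "DISABLED"}}',
    "missing": '{"errorcode": 0, "arpparam": {"timeout": 1200}}',
}

def parse_item(text):
    """Split 'key : "value"' lines into a dict, dropping the quotes."""
    item = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        item[key.strip()] = value.strip().strip('"')
    return item

def select(data, path):
    """Resolve a plain dotted path such as .arpparam.spoofvalidation."""
    for key in path.strip(".").split("."):
        if not isinstance(data, dict) or key not in data:
            return None
        data = data[key]
    return data

def evaluate(item, response_text):
    """Return (result, detail) for one custom_item against one response."""
    value = select(json.loads(response_text), item["json_transform"])
    if value is None:
        return "FAILED", "field missing from response"
    match = re.search(item["regex"], str(value))
    if not match:
        return "FAILED", f"no regex match in {value!r}"
    ok = re.fullmatch(item["expect"], match.group(0)) is not None
    return ("PASSED" if ok else "FAILED"), match.group(0)

if __name__ == "__main__":
    item = parse_item(AUDIT_ITEM)
    for name, body in SAMPLES.items():
        print(item["description"], name, evaluate(item, body))
```

A field that is absent from the response is reported as a failure rather than skipped, so a device that does not return the setting cannot pass the check by omission.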