Federal Customers tend to have unique requirements when it comes deploying IT as a service. Why do these customers choose Citrix time and time again? Because we believe that our mantra of “being able to work and play from anywhere” is something that even the Federal Government can attain with the caveats of security and compliance.
Common Criteria Certification
Common Criteria Certification is an international standard with which technology products are evaluated against from a security perspective. Several Information Assurance agencies within the Federal Govt require that software/hardware that is introduced into the network has been Common Criteria Certified. This is usually a precursor to an Authority to Operate (ATO) or DIACAP accreditation.
Citrix is committed to providing the “ability to work and play from anywhere, securely” using virtualization solutions. Hence Citrix has actively sought Common Criteria Certifications for all of its major product lines including XenDesktop, XenApp, XenServer and NetScaler. For full details on our Common Criteria documentation please see this link:
Citrix is the only vendor with solutions that are Common Criteria certified for App, Desktop AND Server Virtualization. Citrix sees Common Criteria as vital to providing solutions within the Federal space and is vested in continually updating CC certification to ensure customers can deploy the latest and greatest virtualization solutions securely.
Several Federal customers also have certain encryption requirements for any protocol that traverses their networks. Citrix’s ICA/HDX protocol has had a 21-year history of remoting applications and desktops securely. ICA introduced SecureICA over 10 years ago, which allows for 128 bit encryption of ICA using the underlying Microsoft FIPS 140-2 certified crypto keys. Furthermore, with the addition of the NetScaler platform, Citrix can wrap ICA within FIPS 140-2 Level 2 compliant SSL Encryption. This means that no additional firewall ports have to be opened; the standard 443/SSL port can be leveraged for delivery of apps and desktops. The NetScaler platform is the only Application Delivery Controller on the market that is FIPS 140-2 Level 2 compliant, Common Criteria and JITC certified. NetScaler can also be used for Load Balancing, SSL Offload, Full VPN access, GSLB and much more. Citrix is the only vendor in the market that can provide integrated FIPS 140-2 Level 2 compliant SSL encryption for delivery of virtual desktops/apps.
For more information on the FIPS-Compliant NetScaler platform please see this link:
CAC/PIV/SIPR Token Compatibility
As part of the fulfillment of Presidential directive HSPD-12, several Federal agencies have rolled out CAC and PIV cards as a requirement for network domain access. Citrix fully supports CAC/PIV smartcards for authentication and use with XenDesktop, XenApp and Netscaler. Furthermore, initial testing has shown SIPR tokens to be fully compatible with XenDesktop and XenApp as well.
Federal Telework / BYOD initiatives
Several Federal agencies are required to implement Telework policies enabling employees to work from home in case of DR/COOP scenarios. Several other agencies are looking into BYOD (Bring Your Own Device) programs to help lower the TCO of endpoint devices. For both of these scenarios, Citrix Receiver empowers users to work from their location of choice, with their device of choice. Federal employees can securely access virtual Desktops and Applications on-demand securely without any data at rest concerns. When the employee logs off of their session, there is no resident data left on the endpoint device, making Receiver an ideal solution for agencies with data leakage concerns. For more information on our Telework initiatives, please see this whitepaper:
Building a Secure Hypervisor
When Citrix embarked on the process of developing XenClient, the world’s first bare-metal client hypervisor, several Federal customers provided input in regards to securing XenClient to ensure complete isolation between VMs. This “extremely” secure version came to be known as XenClient XT. Today, XenClient XT is being leveraged as a solution in environments where users must access multiple security domains from the same endpoint in an MLS scenario. This has helped reduce the overall TCO of an MLS solution for several Federal Customers that would normally deploy a single endpoint for every single security domain. Citrix is the only vendor that is part of a fully accredited MLS solution using bare-metal client hypervisor technology.
For more information on XenClient XT please see this link:
To read how the DIA (Defense Intelligence Agency) is utilizing XenClient for the delivery of virtual desktops, please see this whitepaper: http://deliver.citrix.com/AMWB0911XDIMPEMENTWP.html
Citrix has been providing requirements-driven solutions to the Federal Government for over 20+ years. Our Federal offices based in Bethesda, MD are dedicated to ensuring that the Federal Government can achieve our vision of a “world where everyone can work and play from anywhere, securely.”
I’m responsible for the Systems Engineering team focused on Dept of Defense customers. For any questions, please feel free to email me directly: Faisal.Iqbal@citrix.com