Product Documentation

How Citrix Fulfills Public Sector Security Needs

Jan 12, 2017

Citrix provides networking solutions for more than 200 federal agencies including the Departments of Commerce, Homeland Security, State, Treasury and Veterans Affairs, as well as every branch of the military. Citrix products help these agencies meet regulations and standards including Federal Information Processing Standards (FIPS) and Common Criteria. The products are configured to meet United States Government Configuration Baseline (USGCB) and Security Technical Implementation Guide (STIG) standards.

Citrix releases security advisories for each product. You can register for Citrix security advisory notifications by signing in to and adding an alert to your profile at

XenDesktop and XenApp

FIPS 140-2: XenApp and XenDesktop 7.6 are now FIPS 140-2 compliant.  FIPS crypto is used both inside and outside the gateway, providing a secure connection for all network communication.  The Citrix Virtual Desktop Agent (VDA) can use TLS/AES and FIPS without the use of network level security like IPsec.

Common Criteria: Citrix provides the industry’s only server-based computing solution that meets Common Criteria evaluation standards. The Citrix products were put through a series of security tests and were evaluated by an external auditor and certified by the CESG based on real-world scenarios for customers in Government, Military and Intelligence communities. Common Criteria is an internationally recognized set of guidelines (ISO 15408) that define a common framework for evaluating security features and capabilities of Information Technology (IT) security products.

HSPD 12: A Citrix environment can be configured for smart card authentication including Common Access Card (CAC), SIPRNet Token and Personal Identification Verification (PIV) cards.


FIPS 140-2 Level 2: A Citrix Environment can achieve FIPS 140-2 Level 2 compliance with the FIPS-enabled NetScaler MPX-FIPS appliance. This appliance also hardware-ready for Level 3 compliance. The NetScaler appliances offer encrypted and FIPS-secured communication between the following:

  • Citrix Receiver endpoints and the NetScaler appliance
  • The NetScaler appliance and XenApp and/or XenDesktop VDA and StoreFront

Common Criteria: Citrix has a Common Criteria certificate for NetScaler 10.0 and is currently in evaluation for the certificate for NetScaler 10.5. As with XenApp and XenDesktop, NetScaler was put through a series of security checks and evaluations by the CESG to achieve the certificate.