The software supports CAC and PIV card authentication, and meets NSA and DISA requirements for secure Bluetooth communication.
Many federal agencies have taken steps to begin implementing mobile work environments, though security remains a concern. When GCN last year reviewed the Citrix Receiver software, we found it had good security for in-transit data, but did nothing for securing the endpoint — the mobile device being used by the mobile employee.
That should change now that Citrix has announced that Citrix Receiver supports the Biometric Associates baiMobile 3000MP Bluetooth Smart Card Reader and the baiMobile 301 USB Smart Card reader. It will enable Common Access Card and Personal Identity Verification holding users to access Citrix applications and virtual desktops via compatible Android devices.
The baiMobile 3000MP Bluetooth Smart Card Reader has been approved by the Defense Information Systems Agency for use in the Defense Department and meets both the National Security Agency and DISA requirements for secure Bluetooth communications.
After the card reader pairs to an Android smart phone or tablet via Bluetooth, Citrix Receiver can communicate through the stack to pass the credentials to a Citrix XenDesktop or Citrix XenApp back-end framework and securely authenticate a user via his CAC credentials to a session running safely in the data center. When coupled with Citrix Netscaler to provide FIPS 140-2 Level 2 hardware encryption, every user session is secure, and no resident data remains on the Android device that could potentially compromise security.
“Today’s focus is largely about enabling mobility for the defense sector, and we are in the midst of a powerful convergence of necessity, the need for the defense sector to do more with less and a growing consumer demand for anytime-anywhere connectivity,” said Tom Simmons, area vice president of public sector for Citrix. “These realities, fueled by important defense policy drivers, such as the DOD Mobile Strategy, are driving new mobile requirements.”
Citrix Receiver can also now be used with other solutions, such as Citrix XenMobile and Citrix CloudGateway, as part of an Enterprise Mobility Management strategy, and feds can gain additional benefits such as enabling mobile thin client computing. When coupled with XenMobile, defense agencies can deploy this Citrix Receiver capability automatically to all Androids in a department with a just a few clicks. It also can fully wipe Citrix Receiver from a “bring your own device” Android should an employee and/or contractor leave the agency.
Users can also connect to remote virtual desktops and applications, while accessing native Android applications from an agency application store when using CloudGateway. That means that CloudGateway can elevate Citrix Receiver from an independent computing architecture client to a comprehensive solution with secure access to native applications, Web, and software-as-a-service applications, and with follow-me data through ShareFile.
As agencies move to mobile computing, CAC and PIV authentication of smart phones and other mobile devices becomes more important. In 2012, Thursby Software released the PKard Reader, the first smart-card authentication reader for iOS devices. The reader, and a free app, are FIPS 140-2 validated, work with CAC, PIV, PIV-Interoperable and Commercial Identity Verification cards, and have been put to use in agencies across government.