Global Citrix cloud infrastructure
The Citrix cloud resources are available around the world in up to 5 regions. Review the resource map below to understand the region coverage for a particular service.
Citrix Cloud customer penetration (pen) testing
Many organizations are required to validate that their computing environments meet corporate standards for security. Customers of the Citrix Cloud platform are able to run penetration testing against their environment but need to work with the Citrix team to ensure that they are not impacting any other customer. This section provides information on the requirements and how to coordinate the testing.
The person submitting this notification agrees that (1) any penetration testing will comply with the Citrix Cloud Customer Penetration Test requirements available on the Citrix Trust Center; and (2) they have authority to agree to these terms on behalf of the Customer.
Citrix Cloud customer pen test requirements
This document describes the requirements (“Requirements”) for customers (“you”) to perform penetration tests against your Citrix Cloud services environments. These Requirements are designed to allow you to evaluate the security of your Citrix Cloud environment(s) while preventing harm to other customers or to Citrix, including associated infrastructure, computing environments and data.
All penetration tests must follow the Requirements. Use of Citrix Cloud services will continue to be subject to the terms of the agreement and terms under which you purchased the relevant service. Any violation of these Requirements or of the relevant service terms may result in suspension or termination of your services and legal action as set forth in your agreement. You are responsible for any damage to Citrix Cloud infrastructure (including networks, machines and data) and to any other customers caused by failure to abide by these Requirements or your Citrix Cloud services agreement.
- To avoid false security alerts and to prevent interruption of your penetration test, you must fill out a Penetration Test Notification Form at least 24 hours prior to the start of any penetration test.
- You may perform penetration testing only of your Citrix Cloud subdomain(s) identified on the Penetration Test Notification Form.
- You may not attempt to scan, test or impact any other domain or environment or to access any domain, environment or data that is not yours.
- You may not perform a denial of service attack, fuzzing or other activity designed to interrupt availability of the service or to access or affect the integrity of data on any computing environment.
- You may not attempt phishing or other social engineering attacks or insertion of malware or other malicious code into the service.
- You may not attempt to exploit any vulnerabilities found during testing (e.g., data exfiltration), and activities that could pose risk to Citrix infrastructure, data or other customers must be discontinued once a vulnerability is found.
- Citrix is not responsible for any impact to your Citrix Cloud computing environment or service levels related to your penetration testing activities.
- Citrix reserves the right to respond to any actions on its networks that appear to be malicious and to discontinue or require you to discontinue a penetration test at any time.
- If you believe you discovered a potential security flaw related to the Citrix Cloud or any other Citrix service or infrastructure, you must report it to Citrix within 24 hours.
- You may not disclose vulnerability information publicly or to any third party until you hear back from Citrix that the vulnerability has been fixed.
Check the health status of Citrix cloud services in real time.
To learn about the Unified Citrix Cloud Operations team that is a 24x7 service organization with a goal of delivering high availability of Citrix cloud services, consult the Citrix Cloud Business Continuity Overview document.
Citrix Cloud Services Data Protection
The Citrix Cloud Services Data Protection Overview describes our data protection practices including controls to safeguard the data of our cloud services customers.
The following documents provide more detail regarding specific Citrix cloud services:
The Citrix Analytics - Data Governance page provides information regarding the collection, storage, and retention of logs by the Citrix Analytics service.
Citrix Application Delivery Management
The Citrix Application Delivery Management Service – Data Governance Overview communicates the data collected and stored in cloud as part of the Citrix Application Delivery Management (ADM) service.
Citrix Intelligent Traffic Management
The Citrix Intelligent Traffic Management – Customer Content and Logs document provides information regarding the collection, storage, and retention of logs and other data generated in connection with the Citrix Intelligent Traffic Management (ITM) service and related products.
Citrix Workspace Microapps Service
The Citrix Workspace Microapps Service – Customer Content and Log Handling document provides more detailed information about the Customer Content and Log data processed and stored as part of the Citrix Workspace Microapps service.
Top 20 security questions
Review common questions and information on Citrix preferred security practices and controls.
Due diligence package
The due diligence package provides transparency about our policies, practices and controls at Citrix to put your mind at ease.
Services Security Exhibit
The Services Security Exhibit describes the security controls implemented in connection with the performance of cloud services, technical support services or consulting services.