Synchronize system clocks
Summary
Critical systems must have synchronized clocks whose configuration is protected and comes from industry-accepted sources.
Description
Systems must properly record exceptional and security events in protected logs. This allows administrators to find bugs and makes it easier for forensics teams to determine how a system was compromised. However, if clocks are not properly synchronized, it can be very difficult to compare log files from different systems in order to establish the event sequence that led to the security incident.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- CIS-8_4. Standardize time synchronization
- NIST Framework-RS_CO-2. Incidents are reported consistent with established criteria
- Agile Alliance-11. Best architectures, requirements, and designs
- NYDFS-500_16. Incident response plan
- CMMC-AU_L2-3_3_7. Authoritative time source
- HITRUST CSF-09_af. Clock synchronization
- FedRAMP-AU-8_1. Synchronization with authoritative time source
- ISO/IEC 27002-8_17. Clock synchronization
- PCI DSS-10_6_1. System clocks and time are synchronized
- SIG Core-G_4. Operations management
- ISO/IEC 27001-8_17. Clock synchronization
- Resolution SB 2021 2126-Art_27_16. Security in Electronic Channels
Vulnerabilities
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.