Synchronize system clocks
Summary
Critical systems must have synchronized clocks whose configuration is protected and comes from industry-accepted sources.
Description
Systems must properly record exceptional and security events in protected logs. This allows administrators to find bugs and makes it easier for forensics teams to determine how a system was compromised. However, if clocks are not properly synchronized, it can be very difficult to compare log files from different systems in order to establish the event sequence that led to the security incident.
References
- CIS-8_4. Standardize time synchronization
- AGILE-11. Best architectures, requirements, and designs
- NYDFS-500_16. Incident response plan
- CMMC-AU_L2-3_3_7. Authoritative time source
- HITRUST-09_af. Clock synchronization
- FEDRAMP-AU-8_1. Synchronization with authoritative time source
- ISO27002-8_17. Clock synchronization
- PCI-10_6_1. System clocks and time are synchronized
- SIG-G_4. Operations management
- ISO27001-8_17. Clock synchronization
- RESOLSB-Art_27_16. Security in Electronic Channels
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan