Reference: CMMC 2.0
Family: AU
Level Introduced: 2
Title: Authoritative Time Source
Practice:
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
CMMC Clarification:
Some organizations have many machines. It is good practice to setup each machine to synchronize its time with a central time server. This ensures that all machines are recording audit logs using the same time source. This is important when you review audit logs for suspicious activity. You need to review events from multiple machines. This can be a difficult task if the time is not synchronized for all machines. To use the same time source, you can synchronize machines to a network device or directory service. Also, you can configure machines manually to use the same time servers on the internet.
Example
You are setting up several new computers on your company's network. They are not setup on a domain. You update the time settings on each machine to use the same authoritative time server on the internet. If you have to review audit logs, all your machines will have synchronized time. This helps you investigate a potential incident.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (2)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.