Level 2
Description:
Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network. See [IETF 5905].
Priority: High
Domain: AUDIT AND ACCOUNTABILITY (AU)
Services Associated with AWS:
- AWS Identity and Access Management (IAM), AWS Directory Service, AWS Systems Manager
Services Associated with Azure:
- Azure Time Series Insights
- Azure IoT Hub
- Azure Functions
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screenshot of configuration settings
Possible Technology Considerations:
- Secure Baseline Configurations (SBC)
- Network Time Protocol (NTP)
What needs to be answered:
Does the system use internal system clocks to generate time stamps for audit records? Does the system synchronize internal system clocks on a defined frequency?
Checks for AWS
- Implement Time Synchronization with Authoritative Source
Description: This check ensures that organizations have implemented a system capability to compare and synchronize internal system clocks with an authoritative source to generate accurate time stamps for audit records. The internal system clocks are synchronized with a trusted reference clock or time server, which serves as the authoritative source for time synchronization. By maintaining consistent and accurate time across system components, organizations can generate reliable and uniform time stamps for audit records.
- Verify Granularity of Time Measurements
Description: This check verifies that organizations define and maintain the desired granularity of time measurements for audit records. The granularity refers to the level of synchronization between system clocks and reference clocks, ensuring that time measurements are accurate and aligned. Organizations establish appropriate time synchronization intervals based on their specific requirements and system characteristics, aiming to achieve the desired level of precision in time stamps.
- Validate Time Synchronization for Networked Systems
Description: This check validates that organizations extend time synchronization capabilities to networked systems, ensuring that time consistency is maintained across interconnected systems. Time synchronization protocols and mechanisms are implemented to propagate accurate time information between systems, eliminating discrepancies and ensuring uniformity of time stamps for audit records across the networked environment.
Checks for Azure
- Implement Time Synchronization with Authoritative Source in Azure:
Description: This check ensures that organizations in Azure have implemented a system capability to compare and synchronize internal system clocks with an authoritative source to generate accurate time stamps for audit records. The internal system clocks are synchronized with a trusted reference clock or time server, which serves as the authoritative source for time synchronization. By maintaining consistent and accurate time across system components, organizations can generate reliable and uniform time stamps for audit records.
- Verify Granularity of Time Measurements in Azure:
Description: This check verifies that organizations in Azure define and maintain the desired granularity of time measurements for audit records. The granularity refers to the level of synchronization between system clocks and reference clocks, ensuring that time measurements are accurate and aligned. Organizations establish appropriate time synchronization intervals based on their specific requirements and system characteristics, aiming to achieve the desired level of precision in time stamps.
- Validate Time Synchronization for Networked Systems in Azure:
Description: This check validates that organizations in Azure extend time synchronization capabilities to networked systems, ensuring that time consistency is maintained across interconnected systems. Time synchronization protocols and mechanisms are implemented to propagate accurate time information between systems, eliminating discrepancies and ensuring uniformity of time stamps for audit records across the networked environment.
More Details: Monitoring systems sync with system clocks tied to NTP servers for timestamp validity.
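The authoritative-source and granularity checks above can be exercised directly against an NTP reply. The following is an added example, not part of the original page: it validates a server reply, computes the clock offset and round-trip delay from the four timestamps defined in RFC 5905, and compares the offset with a defined granularity. The function names, the 50 ms limit and the sample packets are assumptions constructed for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def ntp_to_unix(raw: bytes) -> float:
    """Decode a 64-bit NTP timestamp (32-bit seconds + 32-bit fraction)."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def unix_to_ntp(t: float) -> bytes:
    """Encode Unix time as a 64-bit NTP timestamp."""
    secs = int(t)
    return struct.pack("!II", secs + NTP_DELTA, int((t - secs) * 2**32))

def check_reply(packet: bytes, request_xmit: bytes, t4: float, max_offset_s: float) -> dict:
    """Validate a server reply, then compare the clock offset with the defined granularity.

    request_xmit: transmit timestamp we sent (T1); t4: local receive time (Unix seconds).
    """
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server clock is not synchronized")
    if packet[24:32] != request_xmit:
        raise ValueError("origin timestamp does not match our request")
    t1 = ntp_to_unix(request_xmit)
    t2, t3 = ntp_to_unix(packet[32:40]), ntp_to_unix(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2   # RFC 5905 clock offset
    delay = (t4 - t1) - (t3 - t2)          # RFC 5905 round-trip delay
    return {"offset_s": offset, "delay_s": delay,
            "within_granularity": abs(offset) <= max_offset_s}

def build_reply(leap: int, stratum: int, origin: bytes, t2: float, t3: float) -> bytes:
    """Build a constructed 48-byte server reply (sample data for this example)."""
    head = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    return head + bytes(12) + unix_to_ntp(t3) + origin + unix_to_ntp(t2) + unix_to_ntp(t3)

# Constructed sample: request sent at T1, reply received 31.25 ms later.
T1 = 1700000000.0
REQ = unix_to_ntp(T1)
T4 = T1 + 0.03125
GRANULARITY_S = 0.050  # assumed organization-defined limit: 50 ms

good = check_reply(build_reply(0, 2, REQ, T1 + 0.0234375, T1 + 0.0234375), REQ, T4, GRANULARITY_S)
drift = check_reply(build_reply(0, 2, REQ, T1 + 0.265625, T1 + 0.265625), REQ, T4, GRANULARITY_S)
print(good, drift)
```

A reply that fails validation (unsynchronized leap indicator, invalid stratum, mismatched origin timestamp) raises instead of returning an offset, so an untrustworthy source is never counted as evidence of synchronization.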