Synchronize system clocks
Summary
Critical systems must have synchronized clocks whose configuration is protected and comes from industry-accepted sources.
Description
Systems must properly record exceptional and security events in protected logs. This allows administrators to find bugs and makes it easier for forensics teams to determine how a system was compromised. However, if clocks are not properly synchronized, it can be very difficult to compare log files from different systems in order to establish the event sequence that led to the security incident.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CIS-8_4. Standardize time synchronization
- Agile Alliance-11. Best architectures, requirements, and designs
- NYDFS-500_16. Incident response plan
- CMMC-AU_L2-3_3_7. Authoritative time source
- HITRUST CSF-09_af. Clock synchronization
- FedRAMP-AU-8_1. Synchronization with authoritative time source
- ISO/IEC 27002-8_17. Clock synchronization
- PCI DSS-10_6_1. System clocks and time are synchronized
- SIG Core-G_4. Operations management
- ISO/IEC 27001-8_17. Clock synchronization
- Resolution SB 2021 2126-Art_27_16. Security in Electronic Channels
Vulnerabilities
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.