CMMC Practice AU.L2-3.3.7

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

Bold Coast Security Guidance

Imagine having a different time in each bedroom of your house? If they're off by a minute or two, its no big deal. But off by 30 minutes? An hour? What if one person is on Eastern Time and another on Pacific? What time did everyone get up today? The same problem would occur on your network if you are trying to trace a problem on your network, and everyone is using a different time source. Differences of even a second may lead to incorrect conclusions about what happened when doing an investigation. There are several "authoritative" time servers out there which you can use. Pick one and its backup, and use it across your network. And remember to verify your setting on a regular basis! Operating systems can shed settings like this due to faulty patches, mistakes by administrators, or malicious activity.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network.

References