AU-08-727 Time Stamps

Time Stamps

Time Stamps
Audit and Accountability
Media, Security Monitoring and Event Analysis
August 18, 2016

All Agency-owned information resources that are capable of network time protocol (NTP) shall sync with the NIST NTP server at A local NTP server with less than 5 second deviation from the NIST reference server may be operated.

The lack of operational control to synchronize system clocks with an authoritative time source may hinder the ability to accurately monitor timestamps from logs which could affect the incident response process.
The information system: a. Uses internal system clocks to generate time stamps for audit records; and b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].
The internal clock of an application system is active, which synchs to a global time reporting system.
Whenever technically possible, information systems should provide time stamps for use in audit record generation.
Obtain audit and accountability policy; procedures addressing time stamp generation; information system design documentation; information system configuration settings and associated documentation; information system audit records; security plan; other relevant documents or records and ascertain if : (I) the information system provides time stamps in audit records. (ii)the organization defines in the security plan, explicitly or by reference, the frequency of internal clock synchronization for the information system; and (iii)the organization synchronizes internal information system clocks periodically in accordance with organization-defined frequency.