Requirement text: AU.2.043: Provide a system capability that compares and synchronizes internal
system clocks with an authoritative source to generate time stamps for audit
records.
DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Internal system clocks are used to generate time stamps, which include date and time. Time
is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich
Mean Time (GMT), or local time with an offset from UTC. The granularity of time
measurements refers to the degree of synchronization between system clocks and reference
clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of
milliseconds. Organizations may define different time granularities for different system
components. Time service can also be critical to other security capabilities such as access
control and identification and authentication, depending on the nature of the mechanisms
used to support those capabilities. This requirement provides uniformity of time stamps for
systems with multiple system clocks and systems connected over a network.
CMMC CLARIFICATION
Many organizations operate a large number of machines. It is good practice to set up each
machine to synchronize its time with a central time server, so that all machines record
audit logs against the same time source. This matters when you review audit logs for
suspicious activity: an investigation usually has to correlate events from multiple machines,
which is difficult if their clocks disagree. To use the same time source, you can synchronize
machines to a network device or directory service, or you can configure machines manually
to use the same time servers on the internet.
Example
You are setting up several new computers on your company's network. They are not joined
to a domain. You update the time settings on each machine to use the same authoritative
time server on the internet. If you have to review audit logs, all your machines will have
synchronized time, which helps you investigate a potential incident.
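As an added example (not part of the CMMC or NIST text), the following POSIX shell script shows both halves of the clarification and example above for a non-domain Linux host: a chrony configuration that points every machine at the same authoritative internet sources, and a check that parses `chronyc tracking` output and fails when the clock is unsynchronised or its offset exceeds the organization-defined granularity. The chrony client, the time.nist.gov and time.cloudflare.com sources, the 200 ms threshold, and the sample tracking reports are assumptions and constructed data, not values from the practice.

```shell
#!/bin/sh
# Added example, not part of the CMMC or NIST text. Assumes chrony is the NTP
# client on a non-domain Linux host; time.nist.gov/time.cloudflare.com and the
# 200 ms threshold are illustrative choices, not values from the practice.

# Organization-defined granularity (assumed value; override via environment).
MAX_OFFSET_SECONDS="${MAX_OFFSET_SECONDS:-0.200}"

# Print a minimal chrony.conf that pins every machine to the same sources.
chrony_conf() {
    cat <<'EOF'
# Same authoritative sources on every machine so audit timestamps agree.
server time.nist.gov iburst
server time.cloudflare.com iburst
# Step the clock during the first 3 updates if it is off by more than 1 s;
# afterwards only slew, so a jump never reorders audit records.
makestep 1.0 3
# Keep the hardware clock in line so a reboot does not start from stale time.
rtcsync
# Record measurements so drift can be reviewed later.
logdir /var/log/chrony
log tracking measurements
EOF
}

# Evaluate a 'chronyc tracking' report (on stdin) against the threshold.
# Exit 0 when the clock is synchronised within MAX_OFFSET_SECONDS, 1 otherwise.
# Prints a one-line verdict suitable for a compliance checklist or log shipper.
check_clock_sync() {
    awk -v max="$MAX_OFFSET_SECONDS" '
        /^Leap status/ { leap = $0; sub(/^[^:]*: */, "", leap) }
        /^Stratum/     { stratum = $3 }
        /^System time/ { offset = $4 + 0 }   # "System time : 0.000231 seconds slow of NTP time"
        END {
            if (leap != "Normal" || stratum == 0) {
                print "FAIL: clock not synchronised (leap status: " leap ")"; exit 1
            }
            if (offset > max) {
                printf "FAIL: offset %.6f s exceeds %.3f s granularity\n", offset, max; exit 1
            }
            printf "OK: stratum %d, offset %.6f s within %.3f s\n", stratum, offset, max; exit 0
        }'
}

# Build a constructed 'chronyc tracking' report (same line layout as the real
# command; values are made up for the demo, not captured from a host).
sample_tracking() {   # $1 = stratum, $2 = offset in seconds, $3 = leap status
    printf 'Reference ID    : 0A000001 (time.nist.gov)\n'
    printf 'Stratum         : %s\n' "$1"
    printf 'Ref time (UTC)  : Tue Mar 03 14:02:11 2020\n'
    printf 'System time     : %s seconds slow of NTP time\n' "$2"
    printf 'Last offset     : -0.000187000 seconds\n'
    printf 'RMS offset      : 0.000402000 seconds\n'
    printf 'Frequency       : 9.812 ppm fast\n'
    printf 'Residual freq   : +0.004 ppm\n'
    printf 'Skew            : 0.233 ppm\n'
    printf 'Root delay      : 0.021503000 seconds\n'
    printf 'Root dispersion : 0.001198000 seconds\n'
    printf 'Update interval : 64.3 seconds\n'
    printf 'Leap status     : %s\n' "$3"
}

# Demonstration on the constructed reports. On a real host run:
#   chronyc tracking | check_clock_sync
demo() {
    sample_tracking 2 0.000231 Normal             | check_clock_sync || true
    sample_tracking 2 0.412000 Normal             | check_clock_sync || true
    sample_tracking 0 0.000000 "Not synchronised" | check_clock_sync || true
}
demo
```

Deploying the same chrony.conf to every machine is what makes the "same time source" requirement auditable; running the check from cron or an endpoint agent turns the granularity the organization chose into evidence rather than an assumption. On non-domain Windows hosts the equivalent is `w32tm /config /manualpeerlist:"time.nist.gov" /syncfromflags:manual /update` followed by `w32tm /query /status` to verify; domain-joined Windows machines should be left on the default domain time hierarchy, which is the directory-service option in the clarification.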
References
• NIST SP 800-171 Rev 1 3.3.7
• CIS Controls v7.1 6.1
• NIST CSF v1.1 PR.PT-1
• NIST SP 800-53 Rev 4 AU-8, AU-8(1)