Level 5 CMMC - CMMC Practices

AU.2.043

Reference: CMMC 1.02

Family: AU

Level Introduced: 2

Practice:
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

CMMC Clarification:
Some organizations have many machines. It is good practice to set up each machine to synchronize its time with a central time server. This ensures that all machines record audit logs using the same time source. This is important when you review audit logs for suspicious activity, because you need to correlate events from multiple machines, and that is difficult if their clocks are not synchronized. To use the same time source, you can synchronize machines to a network device or directory service. Alternatively, you can configure machines manually to use the same time servers on the internet.

Example:
You are setting up several new computers on your company’s network. They are not joined to a domain. You update the time settings on each machine to use the same authoritative time server on the internet. If you have to review audit logs, all your machines will have synchronized time. This helps you investigate a potential incident.

3.3.7

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

Discussion:
Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network. See [IETF 5905].

Source: NIST Special Publication 800-171 Rev. 2

AU-8

TIME STAMPS

Description:
The information system:
    a. Uses internal system clocks to generate time stamps for audit records; and
    b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].

Supplemental Guidance:
Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. Related controls: AU-3, AU-12.

AU-8 (1)

TIME STAMPS | SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCE

Description:
The information system:
    (a) Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and
    (b) Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period].

Supplemental Guidance:
This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
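The CMMC clarification above and AU-8(1) together describe one check: read the authoritative source, compute how far the local clock is from it, and synchronize only when the difference exceeds the organization-defined period. The following is an added example, not code from CMMC or NIST, that performs that comparison with the NTP exchange of [IETF 5905] (four timestamps T1..T4, offset and round-trip delay) against a server reply constructed in memory, so it runs offline. The helper names (build_ntp_response, parse_ntp_response, evaluate_clock), the sample timestamps and the drift and delay thresholds are all assumptions made for the example; a real deployment would send the request over UDP/123 to the organization's chosen source.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
NTP_PACKET_LEN = 48            # fixed-size NTPv4 header, no extension fields


def unix_to_ntp(t):
    """Split a Unix float timestamp into the NTP 64-bit (seconds, fraction) pair."""
    secs = int(t) + NTP_EPOCH_OFFSET
    frac = min(int(round((t - int(t)) * 2**32)), 2**32 - 1)
    return secs, frac


def ntp_to_unix(secs, frac):
    """Inverse of unix_to_ntp: NTP (seconds, fraction) back to a Unix float timestamp."""
    return (secs - NTP_EPOCH_OFFSET) + frac / 2**32


def build_ntp_response(t1, t2, t3, stratum=2, leap=0):
    """Constructed NTPv4 server reply (mode 4) for the example; stands in for a real server.
    t1 = client transmit time echoed back as Origin, t2 = server Receive, t3 = server Transmit."""
    li_vn_mode = (leap << 6) | (4 << 3) | 4          # LI, version 4, mode 4 (server)
    header = struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)   # stratum, poll, precision
    root = struct.pack("!II4s", 0x00000100, 0x00000200, b"GPS\x00")  # root delay/dispersion, ref id
    stamps = struct.pack("!8I",
                         *unix_to_ntp(t2 - 64),  # Reference: last time the server itself was set
                         *unix_to_ntp(t1),       # Origin
                         *unix_to_ntp(t2),       # Receive
                         *unix_to_ntp(t3))       # Transmit
    return header + root + stamps


def parse_ntp_response(data):
    """Decode the 48-byte NTPv4 header into the fields the comparison needs."""
    if len(data) < NTP_PACKET_LEN:
        raise ValueError("short NTP packet")
    (li_vn_mode, stratum, _poll, _precision, _root_delay, _root_disp, ref_id,
     _ref_s, _ref_f, orig_s, orig_f, recv_s, recv_f, xmit_s, xmit_f) = struct.unpack(
        "!BBbbII4s8I", data[:NTP_PACKET_LEN])
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 7,
        "mode": li_vn_mode & 7,
        "stratum": stratum,
        "ref_id": ref_id,
        "t1": ntp_to_unix(orig_s, orig_f),
        "t2": ntp_to_unix(recv_s, recv_f),
        "t3": ntp_to_unix(xmit_s, xmit_f),
    }


def evaluate_clock(t1, response, t4, max_drift, max_delay=1.0):
    """AU-8(1) decision: compare the local clock with the authoritative source and report
    whether it must be synchronized. t1/t4 are local-clock readings at send and receive;
    max_drift is the organization-defined time period, max_delay a sanity bound on RTT."""
    r = parse_ntp_response(response)
    # Reject replies the source itself marks unusable: not a server reply, LI=3 (clock not
    # synchronized), stratum 0 (kiss-o'-death code), or stratum 16 (unsynchronized server).
    if r["mode"] != 4 or r["leap"] == 3 or r["stratum"] == 0 or r["stratum"] >= 16:
        return {"action": "reject", "reason": "source not usable", "stratum": r["stratum"]}
    # The echoed Origin timestamp must match what we sent; otherwise the reply is not ours.
    if abs(r["t1"] - t1) > 1e-6:
        return {"action": "reject", "reason": "origin timestamp mismatch"}
    offset = ((r["t2"] - t1) + (r["t3"] - t4)) / 2     # RFC 5905 clock offset theta
    delay = (t4 - t1) - (r["t3"] - r["t2"])            # RFC 5905 round-trip delay delta
    if delay < 0 or delay > max_delay:
        return {"action": "reject", "reason": "round-trip delay out of range",
                "offset": offset, "delay": delay}
    action = "synchronize" if abs(offset) > max_drift else "in_sync"
    return {"action": action, "offset": offset, "delay": delay, "stratum": r["stratum"]}


if __name__ == "__main__":
    # Constructed scenario: local clock is 5 s behind the source, 50 ms one-way network delay.
    T1 = 1700000000.00          # local clock when the request is sent
    T2 = T1 + 5.0 + 0.05        # server clock when the request arrives
    T3 = T2 + 0.01              # server clock when the reply leaves
    T4 = T1 + 0.11              # local clock when the reply arrives
    print(evaluate_clock(T1, build_ntp_response(T1, T2, T3), T4, max_drift=1.0))
```

The offset formula cancels symmetric network delay, which is why the result is the 5 s clock error and not 5.05 s; the delay bound and the origin-timestamp check are the minimal validations a client should apply before trusting a reply to move its clock. In the sample run the offset exceeds the 1 s threshold, so the decision is "synchronize"; rerun with T2 = T1 + 0.05 and the same clock reads "in_sync".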

Source: NIST Special Publication 800-53 Rev. 4

Source: CMMC v1.02