The application server must use internal system clocks to generate time stamps for audit records.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35203	SRG-APP-000116-AS-000076	SV-46490r1_rule		Low

Description
Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the AS. If an event has been triggered on the network, and the AS is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via timestamps, is critical when conducting forensic analysis and investigating system events. Application servers must utilize the internal system clock when generating time stamps and audit records.

Description

Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the AS. If an event has been triggered on the network, and the AS is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via timestamps, is critical when conducting forensic analysis and investigating system events. Application servers must utilize the internal system clock when generating time stamps and audit records.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43575r1_chk )
Review the AS configuration files to determine if the internal system clock is used for timestamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the audit log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If the AS does not use the internal system clock to generate timestamps, this is a finding.

Check Text ( C-43575r1_chk )

Review the AS configuration files to determine if the internal system clock is used for timestamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the audit log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If the AS does not use the internal system clock to generate timestamps, this is a finding.

Fix Text (F-39749r1_fix)
Configure the AS to use internal system clocks to generate timestamps for audit records.