UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must use internal system clocks to generate time stamps for audit records.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35203 SRG-APP-000116-AS-000076 SV-46490r1_rule Low
Description
Without the use of an approved and synchronized time source, configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the AS. If an event has been triggered on the network, and the AS is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via timestamps, is critical when conducting forensic analysis and investigating system events. Application servers must utilize the internal system clock when generating time stamps and audit records.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43575r1_chk )
Review the AS configuration files to determine if the internal system clock is used for timestamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the audit log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If the AS does not use the internal system clock to generate timestamps, this is a finding.
Fix Text (F-39749r1_fix)
Configure the AS to use internal system clocks to generate timestamps for audit records.