
The time synchronization tool must be configured to enable logging of time source switching.


Overview

Finding ID: V-226077
Version: WN12-AD-000008-DC
Rule ID: SV-226077r794796_rule
IA Controls: (none listed)
Severity: Low
Description
When a time synchronization tool executes, it may switch between time sources according to network or server contention. If switches between time sources are not logged, it may be difficult or impossible to detect malicious activity or availability problems.
STIG: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide
Date: 2022-03-01

Details

Check Text (C-27779r475554_chk)
Verify logging is configured to capture time source switches.

If the Windows Time Service is used, verify the following registry value. If it is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\W32Time\Config\

Value Name: EventLogFlags

Type: REG_DWORD
Value: 2 or 3

If another time synchronization tool is used, review the available configuration options and logs. If the tool has time source logging capability and it is not enabled, this is a finding.
Fix Text (F-27767r794795_fix)
Configure the time synchronization tool to log time source switching. If the Windows Time Service is used, configure the following registry value.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\W32Time\Config\

Value Name: EventLogFlags

Type: REG_DWORD
Value: 2 or 3
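
The check and fix above, scripted in PowerShell for a domain controller that uses the Windows Time Service. This is an added example, not part of the STIG; the function name, the -Remediate switch and the default of 2 are assumptions made for illustration.

```powershell
# Added example: audits (and optionally sets) EventLogFlags for V-226077.
# Test-W32TimeEventLogFlags and -Remediate are hypothetical names, not from the STIG.
function Test-W32TimeEventLogFlags {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remediate,
        # 2 and 3 both satisfy the check; 2 is an arbitrary default here.
        [ValidateSet(2, 3)]
        [int]$DesiredValue = 2
    )

    $path      = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
    $name      = 'EventLogFlags'
    $compliant = 2, 3

    # A missing value is a finding, so the read must not throw.
    $item    = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.$name } else { $null }

    # The STIG specifies REG_DWORD, so check the stored type as well as the data.
    $kind = $null
    if ($null -ne $current) {
        $kind = (Get-Item -Path $path).GetValueKind($name)
    }

    $isFinding = ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) -or
                 ($current -notin $compliant)

    if ($isFinding -and $Remediate -and
        $PSCmdlet.ShouldProcess("$path\$name", "Set to $DesiredValue")) {
        # -Force replaces an existing value, including one stored with the wrong type.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $DesiredValue -Force | Out-Null
        return Test-W32TimeEventLogFlags   # re-audit after the change
    }

    [pscustomobject]@{
        FindingId = 'V-226077'
        Value     = $current
        Type      = $kind
        Status    = if ($isFinding) { 'Open' } else { 'NotAFinding' }
    }
}

Test-W32TimeEventLogFlags
```

Run it from an elevated session when using -Remediate; -WhatIf shows the change without writing to the registry.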