Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
WN12-AD-000008-DC | WN12-AD-000008-DC | WN12-AD-000008-DC_rule | | Low |
Description |
---|
When a time synchronization tool executes, it may switch between time sources according to network or server contention. If switches between time sources are not logged, it may be difficult or impossible to detect malicious activity or availability problems. |
STIG | Date |
---|---|
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2013-07-25 |
Check Text ( C-WN12-AD-000008-DC_chk ) |
---|
Verify logging is configured to capture time source switches. If the Windows Time Service is used, verify the following registry value. If it is not configured as specified, this is a finding. |

Registry Hive | Registry Path | Value Name | Type | Value |
---|---|---|---|---|
HKEY_LOCAL_MACHINE | \System\CurrentControlSet\Services\W32Time\Config\ | EventLogFlags | REG_DWORD | 2 |

If another time synchronization tool is used, review the available configuration options and logs. If the tool has time source logging capability and it is not enabled, this is a finding.
Fix Text (F-WN12-AD-000008-DC_fix) |
---|
If the Windows Time Service is used, configure it as follows. |

Registry Hive | Registry Path | Value Name | Type | Value |
---|---|---|---|---|
HKEY_LOCAL_MACHINE | \System\CurrentControlSet\Services\W32Time\Config\ | EventLogFlags | REG_DWORD | 2 |

If another time synchronization tool is used, configure it to log time source switching.
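A PowerShell audit-and-remediate script for this finding, added here as an example and not part of the STIG; the function names are assumed, and it checks the registry value, its type and its data exactly as the check text specifies:

```powershell
# Added example, not part of the STIG: audit and remediate WN12-AD-000008-DC
# (W32Time EventLogFlags) on the local system. Function names are hypothetical.
$W32TimeConfig = 'HKLM:\System\CurrentControlSet\Services\W32Time\Config'
$ValueName     = 'EventLogFlags'
$Required      = 2      # the STIG specifies exactly 2, stored as REG_DWORD

function Test-W32TimeSourceLogging {
    # Mirrors the check text: a missing key, missing value, wrong type or
    # wrong data all count as a finding.
    $result = [ordered]@{ FindingId = 'WN12-AD-000008-DC'; Status = 'Finding'; Reason = '' }

    if (-not (Test-Path -Path $W32TimeConfig)) {
        $result.Reason = "registry path $W32TimeConfig not found"
        return [pscustomobject]$result
    }
    $key = Get-Item -Path $W32TimeConfig
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = "$ValueName is not configured"
        return [pscustomobject]$result
    }
    $kind   = $key.GetValueKind($ValueName)     # must be DWord (REG_DWORD)
    $actual = $key.GetValue($ValueName)
    if ($kind -ne 'DWord') {
        $result.Reason = "$ValueName has type $kind, expected REG_DWORD"
    } elseif ($actual -ne $Required) {
        $result.Reason = "$ValueName is $actual, expected $Required"
    } else {
        $result.Status = 'Not a Finding'
        $result.Reason = "$ValueName is REG_DWORD $Required"
    }
    return [pscustomobject]$result
}

function Set-W32TimeSourceLogging {
    # Applies the fix text: EventLogFlags = 2 (REG_DWORD). Needs administrator rights.
    if (-not (Test-Path -Path $W32TimeConfig)) {
        New-Item -Path $W32TimeConfig -Force | Out-Null
    }
    New-ItemProperty -Path $W32TimeConfig -Name $ValueName -Value $Required -PropertyType DWord -Force | Out-Null
    # Ask the running service to re-read its configuration.
    & w32tm.exe /config /update | Out-Null
}

# Audit first; remediate and re-check only if the check fails.
$before = Test-W32TimeSourceLogging
$before | Format-List
if ($before.Status -eq 'Finding') { Set-W32TimeSourceLogging; Test-W32TimeSourceLogging | Format-List }
```

Run the audit alone on systems that use a different time synchronization tool; in that case the missing W32Time value is not itself the finding and the other tool's logging must be reviewed manually, as the check text says.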