UCF STIG Viewer Logo

The NSX-T Manager must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).


Overview

Finding ID Version Rule ID IA Controls Severity
V-251783 TNDM-3X-000069 SV-251783r851740_rule Medium
Description
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in UTC, a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.
STIG Date
VMware NSX-T Manager NDM Security Technical Implementation Guide 2022-09-01

Details

Check Text ( C-55243r810350_chk )
From the NSX-T Manager web interface, go to System >> Fabric >> Profiles >> Node Profiles. Click "All NSX Nodes" and verify the time zone.

or

From an NSX-T Manager shell, run the following command(s):

> get clock

If system clock is not configured with the UTC time zone, this is a finding.

Note: This check must be run from each NSX-T Manager as they are configured individually if done from the command line.
Fix Text (F-55197r810351_fix)
To configure a profile to apply NTP servers to all NSX-T Manager nodes, do the following:

From the NSX-T Manager web interface, go to System >> Fabric >> Profiles >> Node Profiles. Click "All NSX Nodes", and then click "Edit".

In the time zone drop-down list, select "UTC", and then click "Save".

or

From an NSX-T Manager shell, run the following command(s):

> set timezone UTC

Note: This fix must be run from each NSX-T Manager as they are configured individually if done from the command line.