Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The time synchronization tool must be configured to enable logging of time source switching.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-8324 | DS00.0151_2008_R2 | SV-39001r1_rule | ECTM-1 ECTM-2 | Low |
| Description |
|---|
| When a time synchronization tool executes, it may switch between time sources according to network or server contention. If switches between time sources are not logged, it may be difficult or impossible to detect malicious activity or availability problems. |
| STIG | Date |
|---|---|
| Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Details
| Check Text ( C-37991r1_chk ) |
|---|
| If Windows Time Service is used as the time synchronization tool, use the following procedures to determine if logging is configured to capture time source switches. Windows Time Service 1. Use Registry Editor to navigate to HKLM\System\CurrentControlSet\Services\W32Time\Config. 2. If the value for “EventLogFlags” is not “2”, then this is a finding. If the NTP daemon or another tool is used as the time synchronization tool, use the following procedures. 1. Request the assistance of the SA or application SA to determine if the tool is logging time source changes. 2. Review the available configuration options and logs. 3. If the tool has time source logging capability and it is not enabled, then this is a finding. |
| Fix Text (F-33231r1_fix) |
|---|
| Update the time synchronization tool configuration so time source switching is logged. |