6.1: Utilize Three Synchronized Time Sources
Use at least three synchronized time sources from which all servers and network devices retrieve time information on a regular basis so that timestamps in logs are consistent.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
The list of endpoints
The list of network time sources/NTP servers
Operations
From the list of endpoints, filter to collect the list of those servers and network devices that should be configured.
From the list of servers/network devices, collect each endpoint’s network time configuration
Collect the list of servers/network devices whose network time configuration does not include a network time source.
Measures
M1 = Count of endpoints
M2 = Count of endpoints configured to synchronize with NTP servers
M3 = Count of endpoints whose network time configuration does not include an approved network time source
M4(i) = (For each endpoint “i” collected in Operation 1) 1 when the number of configured NTP servers >= 3; 0 otherwise.
M5 = List of endpoints configured to synchronize with NTP servers
M6 = List of endpoints whose network time configuration does not include an approved network time source
Metrics
NTP Compliance Coverage
Metric |
The ratio of endpoints using at least 3 synchronized time sources to the total
set of endpoints
|
Calculation |
|