AU-8 (1): Synchronization With Authoritative Time Source

old.reddit.com / @/u/angel_grgg, https://old.reddit.com/user/angel_grgg

Hello All,

TL;DR: From an IA/auditor/analyst prospective, is wrong to have multiple time zones in a local IS?

There's a subset of machines in my IS (LAN no WAN) that need to be on GMT time versus the local time. This was discovered during a Splunk audit of the logs where the auditor mistakenly marked some users as being logged in during unusual hours. This sprung the question of "Do all systems need to be on the same time?"

We came up with the control that states:

Control Statement

The information system:

  1. Compares the internal information system clocks [organization-defined frequency] with [organization-defined authoritative time source]; and
  2. Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period].

Supplemental Guidance

This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

Just looking at the control statement I am thinking as long as all the machines in the IS are syncing to the NTP server (which they do) we should be good, even if some of the machines are in GMT time.

But the supplemental guidance shows that the control is meant to provide "uniformity of time stamps".

So my question is: From an IA/auditor/analyst prospective, is wrong to have multiple time zones in a local IS?

submitted by /u/angel_grgg
[link] [comments]

published about 1 year ago


Previous

CBC mode encryption algorithm
published about 1 year ago

Next

Aaaaand RMFKS is down... Again.
published about 1 year ago
See all items from the same source