Back to Control Explorer
AU.2.043
Content
Control Acronym
AU
Family
Audit And Accountability
CMMC Level
2
800-171 Control #
3.3.7
CMMC Description
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
CMMC Clarification
Some organizations have many machines. It is good practice to setup each machine to synchronize its time with a central time server. This ensures that all machines are recording audit logs using the same time source. This is important when you review audit logs for suspicious activity. You need to review events from multiple machines. This can be a difficult task if the time is not synchronized for all machines. To use the same time source, you can synchronize machines to a network device or directory service. Also, you can configure machines manually to use the same time servers on the internet. Example You are setting up several new computers on your company’s network. They are not setup on a domain. You update the time settings on each machine to use the same authoritative time server on the internet. If you have to review audit logs, all your machines will have synchronized time. This helps you investigate a potential incident.
800-171 Description
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
800-171 Discussion
Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network. See [IETF 5905].
Other Source Discussion
N/A
CIS Control References
CIS Controls v7.1 6.1
NIST 800-53 Control Ref.
NIST SP 800-53 Rev 4 AU-8, AU-8(1)
CMMC Derived
NIST CSF Control References
NIST 800-171 References
NIST SP 800-171 Rev 1 3.3.7
Applicable FAR Clause
NIST CSF Control Reference
NIST CSF v1.1 PR.PT-1
CERT RMM Reference
Modification of NIST 800-171B Reference
NIST 800-171B Reference
UK NCSCCyber Reference
AS ACSC Reference
Sub-Criterias
Assessment Sub-Criteria 1
AU.2.043.[a] internal system clocks are used to generate time stamps for audit records;
Assessment Sub-Criteria 2
AU.2.043.[b] an authoritative source with which to compare and synchronize internal system clocks is specified; and
Assessment Sub-Criteria 3
AU.2.043.[c] internal system clocks used to generate time stamps for audit records are compared to and synchronized with the specified authoritative time source.