Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system:
a. Uses internal system clocks to generate time stamps for audit records; and
b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [FedRAMP Assignment: (H) one second granularity of time measurement].
NIST 800-53 (r4) Supplemental Guidance:
Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. Related controls: AU-3, AU-12.
References: None.
NIST 800-53 (r5) Discussion:
Time stamps generated by the system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks (e.g., clocks synchronizing within hundreds of milliseconds or tens of milliseconds). Organizations may define different time granularities for different system components. Time service can be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities.
38North Guidance:
Meets Minimum Requirement:
Part a. The Cloud Service Offering (CSO) is configured to provide consistent and accurate date and timestamps when analyzing record data. As a result, the CSO system clocks must be synched to ensure consistency across all CSO audit log timestamps. This is typically done with the implementation of a CSO Network Time Protocol (NTP) server. The accuracy and integrity of audit records is required in the event legal proceedings demand evidence.
Part b. The CSO configures the CSO NTP server to map time directly from Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets the high requirement of one second granularity of time measurement.
Best Practice: The CSP should use a NTP server to ensure consistency of records with other network devices.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Review the CSO SIEM tool during a screenshare and look for timestamps within the audit logs recorded within the SIEM.
Review the CSO NTP server to determine whether the server is mapped to receive time from Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets the high requirement of one second granularity of time measurement.
Review CSO component configurations to ensure all components receive their time from the CSO NTP server.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse