SC-45 SYSTEM TIME SYNCHRONIZATION
Control: Synchronize system clocks within and between systems and system components.
Discussion: Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day restrictions as part of access control. Denial of service or failure to deny expired credentials may result without properly synchronized clocks within and between systems and system components. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, such as clocks synchronizing within hundreds of milliseconds or tens of milliseconds. Organizations may define different time granularities for system components. Time service can be critical to other security capabilities—such as access control and identification and authentication—depending on the nature of the mechanisms used to support the capabilities.
Related Controls: AC-3, AU-8, IA-2, IA-8.
Control Enhancements:
- (1) SYSTEM TIME SYNCHRONIZATION / SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCE
- (a) Compare the internal system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and
- (b) Synchronize the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period].
Discussion: Synchronization of internal system clocks with an authoritative source provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network.
Related Controls: None.
- (2) SYSTEM TIME SYNCHRONIZATION / SECONDARY AUTHORITATIVE TIME SOURCE
- (a) Identify a secondary authoritative time source that is in a different geographic region than the primary authoritative time source; and
- (b) Synchronize the internal system clocks to the secondary authoritative time source if the primary authoritative time source is unavailable.
Discussion: It may be necessary to employ geolocation information to determine that the secondary authoritative time source is in a different geographic region.
Related Controls: None.
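Enhancements (1) and (2) as a runnable check, added here as an illustration and not part of NIST SP 800-53: it parses an NTP server reply using the header layout and offset/delay formulas from RFC 5905, compares the offset with the organization-defined time period, and falls back to the secondary source when the primary gives no usable reply. Function names and the sample packets are constructed for the example, and no network I/O is performed.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def ntp_ts(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_seconds + NTP_UNIX_DELTA
    return struct.pack("!II", int(ntp), int((ntp - int(ntp)) * 2**32))

def parse_reply(packet, t1, t4):
    """Return (offset, delay) in seconds for a server reply, or None if unusable.
    t1/t4 are the local clock readings when the request left and the reply arrived."""
    if packet is None or len(packet) < 48:
        return None  # timeout or truncated datagram
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4 or leap == 3 or not 1 <= stratum <= 15:
        return None  # not a server reply, or the server itself is unsynchronized
    if packet[24:32] != ntp_ts(t1):
        return None  # origin timestamp does not echo our request
    def ts(off):
        sec, frac = struct.unpack("!II", packet[off:off + 8])
        return sec + frac / 2**32 - NTP_UNIX_DELTA
    t2, t3 = ts(32), ts(40)  # server receive and transmit timestamps
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def check_clock(sources, threshold):
    """sources: ordered (name, packet, t1, t4) tuples, primary first.
    threshold: the organization-defined time period, in seconds."""
    for name, packet, t1, t4 in sources:
        result = parse_reply(packet, t1, t4)
        if result is None:
            continue  # source unavailable, try the next one (enhancement 2(b))
        offset = result[0]
        return name, offset, "synchronize" if abs(offset) > threshold else "ok"
    return None, None, "alert-no-source"

def build_reply(t1, t2, t3, stratum=2, leap=0):
    """Constructed mode-4, version-4 reply standing in for a real server."""
    head = bytes([(leap << 6) | (4 << 3) | 4, stratum, 6, 0xEC]) + bytes(12)
    return head + ntp_ts(t3) + ntp_ts(t1) + ntp_ts(t2) + ntp_ts(t3)

if __name__ == "__main__":
    # Constructed exchange: server 0.75 s ahead, 20 ms each way, primary timed out.
    t1 = 1700000000.0
    reply = build_reply(t1, t1 + 0.77, t1 + 0.771)
    sources = [("primary", None, t1, t1 + 0.041), ("secondary", reply, t1, t1 + 0.041)]
    print(check_clock(sources, threshold=0.1))
```

The "alert-no-source" result is the case the control does not cover: neither authoritative source answered, so the clock comparison could not be performed at all.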
References: [IETF 5905].