2.4 KiB
8.17 Clock synchronization
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|---|---|---|---|---|
| #Detective | #Integrity | #Protect #Detect | #Information_security_event_management | #Protection #Defence |
Control The clocks of information processing systems used by the organization should be synchronized to approved time sources.
Purpose To enable the correlation and analysis of security-related events and other recorded data, and to support investigations into information security incidents.
Guidance External and internal requirements for time representation, reliable synchronization and accuracy should be documented and implemented. Such requirements can be from legal, statutory, regulatory, contractual, standards and internal monitoring needs. A standard reference time for use within the organization should be defined and considered for all systems, including building management systems, entry and exit systems and others that can be used to aid investigations.
A clock linked to a radio time broadcast from a national atomic clock or global positioning system (GPS) should be used as the reference clock for logging systems; a consistent, trusted date and time source to ensure accurate time-stamps. Protocols such as network time protocol (NTP) or precision time protocol (PTP) should be used to keep all networked systems in synchronization with a reference clock.
The organization can use two external time sources at the same time in order to improve the reliability of external clocks, and appropriately manage any variance.
Clock synchronization can be difficult when using multiple cloud services or when using both cloud and on-premises services. In this case, the clock of each service should be monitored and the difference recorded in order to mitigate risks arising from discrepancies.
Other information The correct setting of computer clocks is important to ensure the accuracy of event logs, which can be required for investi gations or as evidence in legal and disciplinary cases. Inaccurate audit logs can hinder such investigations and damage the credibility of such evidence.