The ESXi host must configure NTP time synchronization.

An XCCDF Rule

Description

<VulnDiscussion>To ensure the accuracy of the system clock, it must be synchronized with an authoritative time source within DOD. Many system functions, including time-based logon and activity restrictions, automated reports, system logs, and audit records, depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value. Satisfies: SRG-OS-000355-VMM-001330, SRG-OS-000356-VMM-001340</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256409r886008_rule
Severity: Medium
References: CCI-001891 CCI-002046
Updated: 9 months ago

From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Time Configuration.

Under "Network Time Protocol", click "Edit...". Ensure the "NTP Servers" are authorized DOD time sources. 
Ensure the "NTP Service Startup Policy" is set to "Start and stop with host". 

Ensure the "Enable" checkbox, in the upper left, is checked. Click "OK".

Click "Edit" to configure the NTP service to start and stop with the host and with authoritative DOD time sources.

or

From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

$NTPServers = "ntpserver1","ntpserver2"
Get-VMHost | Add-VMHostNTPServer $NTPServers
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Set-VMHostService -Policy On
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "NTP Daemon"} | Start-VMHostService

The ESXi host must configure NTP time synchronization.

Description

Remediation - Manual Procedure