Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.

An XCCDF Rule

Description

<VulnDiscussion>When conducting forensic analysis and investigating system events, it is critical that timestamps accurately reflect the time of application events. If timestamps are not deemed to be accurate, the integrity of the forensic analysis and the associated determinations are at stake. This leaves the organization and the system vulnerable to intrusions. Satisfies: SRG-APP-000371-AS-000077, SRG-APP-000372-AS-000212</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256909r986177_rule
Severity: Medium
References: CCI-004923 CCI-004926
Updated: 19 days ago

As a system administrator, for each Automation Controller host, configure the NTP client to synchronize to an organizationally defined NTP server:

vi /etc/chrony.conf

Restart the Automation Controller host:
$ shutdown -r

Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.

Description

Remediation - Manual Procedure