Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Web Server Security Requirements Guide
SRG-APP-000116
The web server must use the internal system clock to generate time stamps for log records.
The web server must use the internal system clock to generate time stamps for log records.
An XCCDF Rule
Details
Profiles
Prose
The web server must use the internal system clock to generate time stamps for log records.
Medium Severity
<VulnDiscussion>Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded. Determining the correct time a particular event occurred on the web server is critical when conducting forensic analysis and investigating system events. If the internal clock is not used, the web server may not be able to provide time stamps for log messages. The web server can use the capability of an operating system or purpose-built module for this purpose. Time stamps generated by the web server shall include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>