CMMC Practice AU.L2-3.3.7 – Authoritative Time Source: Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Links to Publicly Available Resources
This article talks about how NTP works, NTP vulnerabilities, and best practices; configuration of the NTP server.
This is a whitepaper from Cisco on the NTP protocol.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
This is the Internet Engineering Task Force's updated best practices for Network Time Protocol.
This article speaks to NIST's NTP servers that support authentication.
Discussion [NIST SP 800-171 R2]
Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities. This requirement provides uniformity of time stamps for systems with multiple system clocks and systems connected over a network.
Further Discussion
Each system must synchronize its time with a central time server to ensure that all systems are recording audit logs using the same time source. Reviewing audit logs from multiple systems can be a difficult task if time is not synchronized. Systems can be synchronized to a network device or directory service or configured manually.
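The comparison this practice calls for can be checked per host against an organization-defined granularity. The following is an added example, not part of the CMMC or NIST text: it parses an NTP server reply (RFC 5905 header layout), rejects a source that is itself unsynchronized, and computes the local clock offset. The function names, the tolerance values and the sample exchange are assumptions constructed for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
FMT = "!BBbb3I8I"       # 48-byte NTP header (RFC 5905)

def to_ntp(unix_ts):
    """Unix seconds -> (seconds, fraction) of a 64-bit NTP timestamp."""
    secs = int(unix_ts)
    return secs + NTP_DELTA, int((unix_ts - secs) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def build_reply(t1, t2, t3, stratum=2, leap=0):
    """Constructed server reply (version 4, mode 4) so the check runs offline."""
    first = (leap << 6) | (4 << 3) | 4
    return struct.pack(FMT, first, stratum, 6, -20, 0, 0, 0, 0, 0,
                       *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))

def check_clock(reply, t1, t4, tolerance_s):
    """Return (offset_seconds, within_tolerance) for one exchange.
    t1/t4 are the local clock at send/receive; offset > 0 means local is behind."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(FMT, reply[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != 4:
        raise ValueError("not a server reply")
    # LI=3 or stratum 0/16 means the server has no valid time to offer.
    if leap == 3 or stratum == 0 or stratum >= 16:
        raise ValueError("server unsynchronized")
    # Origin timestamp must echo what we sent, or the reply is stale or spoofed.
    if (f[9], f[10]) != to_ntp(t1):
        raise ValueError("origin timestamp mismatch")
    t2, t3 = from_ntp(f[11], f[12]), from_ntp(f[13], f[14])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return offset, abs(offset) <= tolerance_s

def demo():
    # Constructed exchange: server 250 ms ahead, 10 ms each way, 1 ms processing.
    t1 = 1700000000.0
    reply = build_reply(t1, t1 + 0.260, t1 + 0.261)
    t4 = t1 + 0.021
    return check_clock(reply, t1, t4, 0.5), check_clock(reply, t1, t4, 0.05)

if __name__ == "__main__":
    print(demo())
```

The same 250 ms offset passes a "hundreds of milliseconds" tolerance and fails a "tens of milliseconds" one, which is why the granularity chosen for each system component should be written down alongside the check.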