STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-45 (1) — System Time Synchronization

CCI-004923

Definition

Compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.

Parent Control

SC-45 (1)System Time SynchronizationSystem and Communications Protection

Linked STIG Checks (85)

V-204695CAT IIIAAA Services must be configured to use at least two NTP servers to synchronize time.AAA Services Security Requirements Guide V-204696CAT IIAAA Services must be configured to authenticate all NTP messages received from NTP servers and peers.AAA Services Security Requirements Guide V-243504CAT IIThe Windows Time Service on the forest root PDC Emulator must be configured to acquire its time from an external time source.Active Directory Forest Security Technical Implementation Guide V-274022CAT IIAmazon Linux 2023 must have the chrony package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274023CAT IIAmazon Linux 2023 chronyd service must be enabled.Amazon Linux 2023 Security Technical Implementation Guide V-274175CAT IIAmazon Linux 2023 must synchronize internal information system clocks to the authoritative time source at least every 24 hours.Amazon Linux 2023 Security Technical Implementation Guide V-268149CAT IINixOS must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Anduril NixOS Security Technical Implementation Guide V-259425CAT IIThe macOS system must enforce time synchronization.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259450CAT IIThe macOS system must be configured to use an authorized time server.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259451CAT IIThe macOS system must enable time synchronization daemon.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268427CAT IIThe macOS system must enforce time synchronization.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268449CAT IIThe macOS system must be configured to use an authorized time server.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268450CAT IIThe macOS system must enable the time synchronization daemon.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277035CAT IIThe macOS system must enforce time synchronization.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277057CAT IIThe macOS system must be configured to use an authorized time server.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277058CAT IIThe macOS system must enable the time synchronization daemon.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204792CAT IIThe application server must compare internal application server clocks at least every 24 hours with an authoritative time source.Application Server Security Requirements Guide V-255958CAT IIThe Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-276016CAT IIAx-OS must compare the internal system clocks on an organization-defined frequency with an organization-defined authoritative time source.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-238356CAT IIThe Ubuntu operating system must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260519CAT IIIUbuntu 22.04 LTS must, for networked systems, compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270751CAT IIIUbuntu 24.04 LTS must compare internal information system clocks at least every 24 hours with an authoritative time server.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-263585CAT IIThe Central Log Server must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Central Log Server Security Requirements Guide V-239924CAT IIThe Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco ASA NDM Security Technical Implementation Guide V-215693CAT IIThe Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco IOS Router NDM Security Technical Implementation Guide V-220601CAT IIThe Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco IOS Switch NDM Security Technical Implementation Guide V-215838CAT IIThe Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220549CAT IIThe Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216535CAT IIThe Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco IOS XR Router NDM Security Technical Implementation Guide V-220498CAT IIThe Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269533CAT IIThe chronyd service must be enabled.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269534CAT IIAlmaLinux OS 9 must have the chrony package installed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-263622CAT IIThe DBMS must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Database Security Requirements Guide V-270644CAT IIThe Dell OS10 Switch must be configured to synchronize internal information system clocks using redundant authoritative time sources.Dell OS10 Switch NDM Security Technical Implementation Guide V-263646CAT IIThe DNS server implementation must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Domain Name System (DNS) Security Requirements Guide V-203711CAT IIThe operating system must, for networked systems, compare internal information system clocks at least every 24 hours with an authoritative time source.General Purpose Operating System Security Requirements Guide V-255244CAT IISSMC must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-255277CAT IIThe HPE 3PAR OS must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283410CAT IIThe HPE Alletra Storage ArcusOS device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-268216CAT IIThe HYCU virtual appliance must be configured to synchronize internal information system clocks using redundant authoritative time sources.HYCU Protege Security Technical Implementation Guide V-215208CAT IIAIX must provide time synchronization applications that can synchronize the system clock to external time sources at least every 24 hours.IBM AIX 7.x Security Technical Implementation Guide V-223551CAT IIIBM z/OS Time Protocol must be properly configured.IBM z/OS ACF2 Security Technical Implementation Guide V-223552CAT IIThe IBM z/OS system must use a time protocol that syncs with an authoritative external time source.IBM z/OS ACF2 Security Technical Implementation Guide V-223774CAT IIThe IBM z/OS system must use a time protocol that syncs with an authoritative external time source.IBM z/OS RACF Security Technical Implementation Guide V-223775CAT IIIBM z/OS Time Protocol must be properly configured.IBM z/OS RACF Security Technical Implementation Guide V-224023CAT IIThe IBM z/OS system must use a time protocol that syncs with an authoritative external time source.IBM z/OS TSS Security Technical Implementation Guide V-224024CAT IIIBM z/OS Time Protocol must be properly configured. IBM z/OS SNTP daemon (SNTPD) permission bits must be properly configured.IBM z/OS TSS Security Technical Implementation Guide V-258610CAT IIThe ICS must be configured to synchronize internal information system clocks using redundant authoritative time sources.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253920CAT IIThe Juniper EX switch must be configured to synchronize internal information system clocks using redundant authoritative time sources.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217334CAT IIThe Juniper router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.Juniper Router NDM Security Technical Implementation Guide V-263687CAT IIThe Mainframe Product must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Mainframe Product Security Requirements Guide V-253296CAT IIIThe Windows 11 time service must synchronize with an appropriate DOD time source.Microsoft Windows 11 Security Technical Implementation Guide V-205800CAT IIIThe Windows Server 2019 time service must synchronize with an appropriate DOD time source.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254281CAT IIIThe Windows Server 2022 time service must synchronize with an appropriate DOD time source.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278029CAT IIIThe Windows Server 2025 time service must synchronize with an appropriate DOD time source.Microsoft Windows Server 2025 Security Technical Implementation Guide V-264308CAT IIThe network device must be configured to compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Network Device Management Security Requirements Guide V-279450CAT IINutanix AOS must configure Network Time Protocol (NTP).Nutanix Acropolis Application Server Security Technical Implementation Guide V-279573CAT IIINutanix OS must configure redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Nutanix Acropolis GPOS Security Technical Implementation Guide V-221866CAT IIThe Oracle Linux operating system must, for networked systems, synchronize clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Oracle Linux 7 Security Technical Implementation Guide V-248820CAT IIOL 8 must compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Oracle Linux 8 Security Technical Implementation Guide V-271501CAT IIOL 9 must have the chrony package installed.Oracle Linux 9 Security Technical Implementation Guide V-271502CAT IIOL 9 must enable the chronyd service.Oracle Linux 9 Security Technical Implementation Guide V-271699CAT IIOL 9 must securely compare internal information system clocks at least every 24 hours.Oracle Linux 9 Security Technical Implementation Guide V-228663CAT IIIThe Palo Alto Networks security platform must compare internal information system clocks at least every 24 hours with an authoritative time server.Palo Alto Networks NDM Security Technical Implementation Guide V-228664CAT IIIThe Palo Alto Networks security platform must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.Palo Alto Networks NDM Security Technical Implementation Guide V-273851CAT IIThe RUCKUS ICX device must be configured to compare the internal system clocks on an organization-defined frequency with two organization-defined authoritative time sources.RUCKUS ICX NDM Security Technical Implementation Guide V-280958CAT IIRHEL 10 must have the "chrony" package installed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-280959CAT IIRHEL 10 must enable the chronyd service.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281336CAT IIRHEL 10 must securely compare internal information system clocks at least every 24 hours.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-230484CAT IIRHEL 8 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-257943CAT IIRHEL 9 must have the chrony package installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257944CAT IIRHEL 9 chronyd service must be enabled.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257945CAT IIRHEL 9 must securely compare internal information system clocks at least every 24 hours.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275613CAT IIUbuntu OS must compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS) to synchronize clocks between NetIM components.Riverbed NetIM OS Security Technical Implementation Guide V-256087CAT IIThe Riverbed NetProfiler must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.Riverbed NetProfiler Security Technical Implementation Guide V-217281CAT IIThe SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-279269CAT IIThe Edge SWG must authenticate Network Time Protocol sources using authentication that is cryptographically based.Symantec Edge SWG NDM Security Technical Implementation Guide V-254865CAT IIThe Tanium operating system (TanOS) must, for networked systems, compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Tanium 7.x Operating System on TanOS Security Technical Implementation Guide V-252928CAT IITOSS must, for networked systems, compare internal information system clocks at least every 24 hours with a server which is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282549CAT IITOSS 5 must securely compare internal information system clocks at least every 24 hours.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282574CAT IITOSS 5 must have the chrony package installed.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282575CAT IITOSS 5 chronyd service must be enabled.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-258927CAT IIThe vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-207463CAT IIThe VMM must, for networked systems, compare internal information system clocks at least every 24 hours with an authoritative time source.Virtual Machine Manager Security Requirements Guide V-264359CAT IIThe web server must compare the internal system clocks on an organization-defined frequency with organization-defined authoritative time source.Web Server Security Requirements Guide