STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SEL-2740S NDM Security Technical Implementation Guide

V-94589

CAT II (Medium)

The SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based.

Rule ID

SV-104419r2_rule

STIG

SEL-2740S NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001967

Discussion

If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will make log timestamps inaccurate and affect scheduled actions. NTP authentication is used to prevent this tampering by authenticating the time source.

Check Content

Verify NTP packets only traverse on the private network by traffic engineering both the physical path and redundant path between switch and NTP server.

1. Login to the OTSDN Controller with permission Level 3 rights into parent.
2. Go to the Configuration Objects settings page.
3. Review the NTP Server IP addresses in the settings fields.

If the IP addresses are not within the private network, this is a finding.

Fix Text

Deploy the NTP server within the private network. Provision both the physical path and redundant path between the switch and NTP server to ensure NTP packets only traverse the private network. Use multilayer packet inspection at each hop of the switches to whitelist only the intended NTP clients and server can communicate to each other.