← Back to Nutanix Acropolis GPOS Security Technical Implementation Guide

V-279573

CAT III (Low)

Nutanix OS must configure redundant United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).

Rule ID

SV-279573r1192434_rule

STIG

Nutanix Acropolis GPOS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001890 CCI-004922 CCI-004923 CCI-004926

Discussion

Nutanix OS must compare internal information system clocks at least every 24 hours with a server synchronized to one of the redundant USNO time servers, or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the GPS to synchronize clocks between NetIM components. Satisfies: SRG-OS-000359-GPOS-00146, SRG-OS-000785-GPOS-00250, SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144

Check Content

Verify Nutanix OS is using Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

1. Verify the "maxpoll" option is set to 16 or fewer and is not commented out using the following command.

$ sudo grep maxpoll /etc/chrony.conf
server 0.us.pool.ntp.mil maxpoll 10 iburst

2. Verify the "chrony.conf" file is configured to an authoritative DOD time source using the following command.

$ sudo grep -i server /etc/chrony.conf
server 0.us.pool.ntp.mil

If the parameter "server" is not set to an authoritative DOD time source, this is a finding.

Fix Text

Run the following command to add a list of DOD-approved NTP servers.

$ ncli cluster add-to-ntp-servers servers=IP_1,IP_2,IP_3