← Back to IBM DataPower Network Device Management Security Technical Implementation Guide

V-65149

CAT III (Low)

The DataPower Gateway must compare internal information system clocks at least every 24 hours with an authoritative time server.

Rule ID

SV-79639r1_rule

STIG

IBM DataPower Network Device Management Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001891

Discussion

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity. Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

Check Content

Using the DataPower web interface, go to Network >> Interface >> NTP Service. Confirm that the Administrative state is enabled, NTP Servers are configured, and that the Refresh Interval is set to 2040 seconds or less. If it is not, this is a finding.

Fix Text

Configure the DataPower Gateway to synchronize internal information system clocks to the authoritative time source (NTP servers).

In the DataPower WebGUI, go to Network >> Interface >> NTP Service. Specify the IP addresses of several approved NTP servers. The refresh interval may be defined at any value between 60 and 86400 seconds.