Rule ID
SV-279426r1191064_rule
Version
V1R1
CCIs
Without using an approved and synchronized time source on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the application server. If an event has been triggered on the network and the application server is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via time stamps, is critical when conducting forensic analysis and investigating system events. Application servers must use the internal system clock when generating time stamps and log records.
Confirm Prism Element is set to use an authoritative time source to generate time stamps for log records. 1. Log in to Prism Element. 2. Select the gear icon in upper-right corner. 3. Select "NTP Servers" from the left navigation pane. If no authoritative time sources are listed, this is a finding.
Configure Prism Element to use organization-identified authoritative time sources. 1. Log in to Prism Element. 2. Select the gear icon in upper-right corner. 3. Select "NTP Servers" from the left navigation pane. 4. Enter authoritative time sources, then click "Add". Multiple time sources can be added.