Rule ID
SV-222499r961446_rule
Version
V6R4
CCIs
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the application include date and time. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks.
Review the system documentation and interview the application administrator to determine where application audit logs are written and how time stamps are recorded. If the application utilizes the underlying OS for time stamping and time synchronization when writing the audit logs, this requirement is not applicable. Access and review log files over a period of at least 10 minutes; compare time stamps written in the application log to the system clock to ensure time is synchronized to within 1 second of precision. If the application audit log time stamps differ from the OS time source by more than one second, this is a finding.
Configure the application to leverage the underlying operating system as the time source when recording time stamps or design the application to ensure granularity of 1 second as the minimum degree of precision.