10.6.1 System clocks and time are synchronized using time-synchronization technology.

Original requirement from PCI DSS v4.0.1

This requirement ensures that system clocks and time are properly synchronized across all systems using time-synchronization technology.

Defined Approach Requirements

10.6.1 System clocks and time are synchronized using time-synchronization technology.

Defined Approach Testing Procedures

10.6.1 Examine system configuration settings to verify that time-synchronization technology is implemented and kept current.

Customized Approach Objective

Common time is established across all systems.

Applicability Notes

Keeping time-synchronization technology current includes managing vulnerabilities and patching the technology according to PCI DSS Requirements 6.3.1 and 6.3.3.

Purpose

Time synchronization technology is used to synchronize clocks on multiple systems. When clocks are not properly synchronized, it can be difficult, if not impossible, to compare log files from different systems and establish an exact sequence of events, which is crucial for forensic analysis following a breach.

For post-incident forensics teams, the accuracy and consistency of time across all systems and the time of each activity are critical in determining how the systems were compromised.
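The sequencing problem described above, as an added example that is not part of PCI DSS or of this page: two hosts' logs are merged into one timeline, first as logged and then after correcting for clock offset. The host names, log format, offsets and tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not from any real system). Each host stamps
# events with its own local clock; "app01" runs 95 seconds slow.
WEB_LOG = [
    "2024-05-01T10:00:00Z web01 login accepted user=svc_batch",
    "2024-05-01T10:00:20Z web01 request forwarded to app01",
    "2024-05-01T10:01:10Z web01 session closed user=svc_batch",
]
APP_LOG = [
    "2024-05-01T09:58:50Z app01 card data query started",
    "2024-05-01T09:59:05Z app01 card data query finished",
]
# Assumed values: seconds each clock is behind the reference time source,
# as they would be measured against that source during a review.
MEASURED_OFFSET = {"web01": 0.0, "app01": 95.0}
TOLERANCE = 1.0  # assumed acceptable drift, in seconds


def parse(line):
    """Split one log line into (timestamp, host, message)."""
    stamp, host, message = line.split(" ", 2)
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ"), host, message


def timeline(lines, offsets=None):
    """Merge log lines into one ordered sequence, optionally adding each
    host's measured offset to bring its timestamps onto common time."""
    events = []
    for line in lines:
        when, host, message = parse(line)
        if offsets:
            when += timedelta(seconds=offsets.get(host, 0.0))
        events.append((when, host, message))
    return [f"{host}: {message}" for _, host, message in sorted(events)]


def hosts_out_of_tolerance(offsets, tolerance=TOLERANCE):
    """Hosts whose clock differs from the reference by more than tolerance."""
    return sorted(h for h, secs in offsets.items() if abs(secs) > tolerance)


if __name__ == "__main__":
    print("As logged:", *timeline(WEB_LOG + APP_LOG), sep="\n  ")
    print("Corrected:", *timeline(WEB_LOG + APP_LOG, MEASURED_OFFSET), sep="\n  ")
    print("Out of tolerance:", hosts_out_of_tolerance(MEASURED_OFFSET))
```

As logged, the card data query appears to precede the login that triggered it; the corrected timeline restores the real order, which is only possible here because the offset is known.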

Examples

Network Time Protocol (NTP) is one example of time-synchronization technology.

Purpose

Ensure audit logs are protected from unauthorized modifications.

Compliance Strategies

  • Immutable storage
  • Access controls

Typical Policies

  • Log Integrity Policy

Common Pitfalls

  • Logs can be altered
  • No access restrictions

Type

Technical Control

Difficulty

High

Key Risks

  • Log tampering

Recommendations

  • Use WORM storage or cloud log immutability

Eligible SAQ

  • SAQ-A-EP
  • SAQ-C
  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
