WithPCI.com

10.6.2 Systems are configured to the correct and consistent time as follows

Original requirement from PCI DSS v4.0.1

This requirement specifies how systems should be configured to maintain correct and consistent time across the environment.

Defined Approach Requirements

10.6.2 Systems are configured to the correct and consistent time as follows:

  • One or more designated time servers are in use.
  • Only the designated central time server(s) receives time from external sources.
  • Time received from external sources is based on International Atomic Time or Coordinated Universal Time (UTC).
  • The designated time server(s) accept time updates only from specific industry-accepted external sources.
  • Where there is more than one designated time server, the time servers peer with one another to keep accurate time.
  • Internal systems receive time information only from designated central time server(s).

Defined Approach Testing Procedures

10.6.2 Examine system configuration settings for acquiring, distributing, and storing the correct time to verify the settings are configured in accordance with all elements specified in this requirement.

Customized Approach Objective

The time on all systems is accurate and consistent.

Purpose

Using reputable time servers is a critical component of the time synchronization process. Accepting time updates from specific, industry-accepted external sources helps prevent a malicious individual from changing time settings on systems.

Good Practice

Another option to prevent unauthorized use of internal time servers is to encrypt updates with a symmetric key and create access control lists that specify the IP addresses of client machines that will be provided with the time updates.
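The elements above and the Good Practice note describe a concrete NTP topology: a small set of designated servers that alone talk to approved external sources, peer with each other, authenticate updates with a symmetric key and serve only an internal address range, with every other system pointed exclusively at those designated servers. The following audit script is an added example, not from WithPCI or the PCI SSC: it embeds constructed chrony.conf fragments for a central server, a compliant internal client and a non-compliant client, and checks each against the 10.6.2 elements in the way testing procedure 10.6.2 asks (examining configuration settings for acquiring and distributing time). The host names, the 10.0.0.0/8 range, the key ID and the approved-source list are assumptions; the element requiring TAI or UTC cannot be verified from a config file and is left to source selection.

```python
"""Audit chrony.conf fragments against the PCI DSS 10.6.2 elements.

Added example; host names, IP ranges and key IDs below are constructed.
"""
import ipaddress

# Hypothetical inventory: the two designated central time servers and the
# industry-accepted external sources they are permitted to use.
DESIGNATED_SERVERS = {"10.10.0.1", "10.10.0.2"}
APPROVED_EXTERNAL = {"time-a.stratum1.example", "time-b.stratum1.example"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed chrony.conf for a designated central time server.
CENTRAL_CONF = """
# External time only from approved sources, each update authenticated with key 1
server time-a.stratum1.example iburst key 1
server time-b.stratum1.example iburst key 1
# Peer with the other designated server so the pair keeps consistent time
peer 10.10.0.2 key 1
keyfile /etc/chrony.keys
# ACL: serve time to the internal network only (chronyd serves nobody without an allow)
allow 10.0.0.0/8
"""

# Constructed chrony.conf for an internal system (client only; port 0 disables serving).
CLIENT_CONF = """
server 10.10.0.1 iburst key 1
server 10.10.0.2 iburst key 1
keyfile /etc/chrony.keys
port 0
"""

# Constructed non-compliant client: pulls from an external pool, unauthenticated.
BAD_CLIENT_CONF = """
pool ntp.example.net iburst
server 10.10.0.1 iburst key 1
keyfile /etc/chrony.keys
"""


def parse(conf_text):
    """Return (sources, allow_subnets, keyfile) parsed from a chrony.conf fragment."""
    sources, allows, keyfile = [], [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in ("server", "pool", "peer") and args:
            # chrony authenticates a source when the 'key <id>' option is present
            sources.append({"kind": directive, "host": args[0], "keyed": "key" in args[1:]})
        elif directive == "allow":
            # 'allow' alone permits every client; 'allow all <subnet>' carries the subnet second
            if args and args[0].lower() == "all":
                args = args[1:]
            allows.append(args[0] if args else None)
        elif directive == "keyfile" and args:
            keyfile = args[0]
    return sources, allows, keyfile


def audit(conf_text, role):
    """Return a list of 10.6.2 findings for one config; an empty list means no finding.

    role is "central" for a designated time server or "client" for any internal system.
    """
    sources, allows, keyfile = parse(conf_text)
    findings = []
    if role == "central":
        externals = [s for s in sources if s["kind"] in ("server", "pool")]
        peers = [s for s in sources if s["kind"] == "peer"]
        for s in externals:  # only specific industry-accepted external sources
            if s["host"] not in APPROVED_EXTERNAL:
                findings.append(f"external source {s['host']} is not on the approved list")
        if len(DESIGNATED_SERVERS) > 1 and not peers:  # designated servers must peer
            findings.append("more than one designated server but no peer directive")
        for p in peers:
            if p["host"] not in DESIGNATED_SERVERS:
                findings.append(f"peer {p['host']} is not a designated time server")
        if not allows:  # Good Practice: ACL listing the clients that may be served
            findings.append("no allow directive: clients are not restricted by ACL")
        for a in allows:
            try:
                inside = a is not None and ipaddress.ip_network(a, strict=False).subnet_of(INTERNAL_NET)
            except ValueError:
                inside = False
            if not inside:
                findings.append(f"allow {a or '(all)'} reaches outside the internal network")
    else:  # internal systems take time only from the designated central servers
        for s in sources:
            if s["kind"] == "peer" or s["host"] not in DESIGNATED_SERVERS:
                findings.append(f"{s['kind']} {s['host']} is not a designated central time server")
    # Good Practice: symmetric-key authentication on every source, for both roles
    if keyfile is None:
        findings.append("no keyfile directive: symmetric-key authentication is not configured")
    for s in sources:
        if not s["keyed"]:
            findings.append(f"{s['kind']} {s['host']} has no key option")
    return findings


if __name__ == "__main__":
    for name, conf, role in (("central", CENTRAL_CONF, "central"),
                             ("client", CLIENT_CONF, "client"),
                             ("bad-client", BAD_CLIENT_CONF, "client")):
        findings = audit(conf, role)
        print(f"{name}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print("  -", f)
```

Run it against real configuration by replacing the embedded strings with the contents of /etc/chrony.conf from each host and filling the inventory sets from the asset list; the ntpd equivalents of the same controls are `keys`/`trustedkey` for authentication and `restrict` lines for the ACL.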

Purpose

Alert personnel to suspicious log events.

Compliance Strategies

  • SIEM alerting
  • Incident notification workflows

Typical Policies

  • Log Alert Policy

Common Pitfalls

  • No alerting configured
  • Alerts ignored

Type

Technical/Process Control

Difficulty

Moderate

Key Risks

  • Unnoticed security incidents

Recommendations

  • Automate alerting and escalation

Eligible SAQ

  • SAQ-A-EP
  • SAQ-C
  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
