Configure the time server in accordance with organizational standards.
CONTROL ID 06426
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the time server to synchronize with specifically designated hosts., CC ID: 06427
Restrict access to time server configuration to personnel with a business need., CC ID: 06858
Keep current the time synchronization technology., CC ID: 12548
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Securing the virtualization platform - Privileged partition operating system hardening - (i) Limit VM resource use: set limits on the use of resources (e.g., processors, memory, disk space, virtual network interfaces) by each VM so that no one VM can monopolize resources on a system. (ii) Ensure t… (EMERGING TECHNOLOGIES AND INFORMATION SECURITY 1 ¶ 9 a., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
The system must have a defined time zone and date standard, since systems may span several time zones. (¶ 21.8 Bullet 4, Good Practices For Computerized systems In Regulated GXP Environments)
One or more designated time servers are in use. (10.6.2 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Time synchronization settings and data are protected as follows: (10.6.3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Examine system configuration settings for acquiring, distributing, and storing the correct time to verify the settings are configured in accordance with all elements specified in this requirement. (10.6.2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Where there is more than one designated time server, do the time servers peer with each other to keep accurate time? (PCI DSS Question 10.4.1(b), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Where there is more than one designated time server, do the time servers peer with each other to keep accurate time? (PCI DSS Question 10.4.1(b), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
One or more designated time servers are in use. (10.6.2 Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
Time synchronization settings and data are protected as follows: (10.6.3, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
Time synchronization settings and data are protected as follows: (10.6.3, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
One or more designated time servers are in use. (10.6.2 Bullet 1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
One or more designated time servers are in use. (10.6.2 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
Time synchronization settings and data are protected as follows: (10.6.3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
One or more designated time servers are in use. (10.6.2 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
Time synchronization settings and data are protected as follows: (10.6.3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
When the NTP source originates from an internal clock, ensure all routers use MD5 to authenticate the time source. (ROUTER SECURITY SECURING ROUTER PLANES: Logging Integrity: ¶ 4, Guideline 662G1: Systems Security, 662G1-00)