The time synchronization tool must be configured to enable logging of time source switching.

From Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide

Part of Time Synchronization Source Logging

Associated with IA controls: ECTM-2, ECTM-1

Associated with: CCI-000366

SV-51182r3_rule The time synchronization tool must be configured to enable logging of time source switching.

Vulnerability discussion

When a time synchronization tool executes, it may switch between time sources according to network or server contention. If switches between time sources are not logged, it may be difficult or impossible to detect malicious activity or availability problems.

Check content

Verify logging is configured to capture time source switches. If the Windows Time Service is used, verify the following registry value. If it is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: \System\CurrentControlSet\Services\W32Time\Config\

Value Name: EventLogFlags

Type: REG_DWORD

Value: 2 or 3

If another time synchronization tool is used, review the available configuration options and logs. If the tool has time source logging capability and it is not enabled, this is a finding.

Fix text

Configure the time synchronization tool to log time source switching. If the Windows Time Service is used, configure the following registry value.

Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: \System\CurrentControlSet\Services\W32Time\Config\

Value Name: EventLogFlags

Type: REG_DWORD

Value: 2 or 3
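One way to script the check and the fix above in PowerShell. This is an added example, not part of the STIG: the function name Test-W32TimeSourceLogging and its -Remediate and -DesiredValue parameters are assumptions made for illustration, and the refresh step uses the built-in w32tm /config /update command.

```powershell
# Added example (not from the STIG): audit, and optionally fix, EventLogFlags.
function Test-W32TimeSourceLogging {
    [CmdletBinding()]
    param(
        [switch]$Remediate,          # hypothetical switch: write the value if non-compliant
        [ValidateSet(2, 3)]
        [int]$DesiredValue = 2       # assumption: either accepted value may be chosen
    )

    $path = 'HKLM:\System\CurrentControlSet\Services\W32Time\Config'
    $name = 'EventLogFlags'

    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) {
        # No W32Time configuration key: review the other time tool by hand instead.
        return [pscustomobject]@{
            Path = $path; Value = $null; Type = $null
            Compliant = $false; Note = 'W32Time Config key not found'
        }
    }

    $value = $null
    $kind  = $null
    if ($key.GetValueNames() -contains $name) {
        $value = $key.GetValue($name)
        $kind  = $key.GetValueKind($name)
    }

    # A finding unless the value exists, is a REG_DWORD, and equals 2 or 3.
    $isDword   = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
    $compliant = $isDword -and ($value -in 2, 3)

    if (-not $compliant -and $Remediate) {
        # Requires an elevated session. -Force replaces a wrong-typed value.
        New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord `
            -Value $DesiredValue -Force | Out-Null
        & w32tm.exe /config /update | Out-Null   # have the service re-read its config
        return Test-W32TimeSourceLogging          # re-audit after the change
    }

    [pscustomobject]@{
        Path = $path; Value = $value; Type = $kind
        Compliant = $compliant
        Note = if ($compliant) { 'Not a finding' } else { 'Finding: expected REG_DWORD 2 or 3' }
    }
}

Test-W32TimeSourceLogging
```

Run it without arguments to audit only; add -Remediate from an elevated session to apply the fix and re-check.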
