The application server must compare internal application server clocks at least every 24 hours with an authoritative time source.

From Application Server Security Requirements Guide

Associated with: CCI-001891

SV-71707r2_rule The application server must compare internal application server clocks at least every 24 hours with an authoritative time source.

Vulnerability discussion

Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events.Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. To meet this requirement, the organization will define an authoritative time source and have each system compare its internal clock at least every 24 hours.

Check content

Review application server documentation and confirm that the application server compares internal application server clocks at least every 24 hours with an authoritative time source. If the application server does not compare internal application server clocks to an authoritative source or if the frequency is greater than every 24 hours, this is a finding.

Fix text

Configure the application server to compare internal application server clocks at least every 24 hours with an authoritative time source.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.