National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

AU-8 TIME STAMPS

Family:
AU - AUDIT AND ACCOUNTABILITY
Class:
Priority:
P1 - Implement P1 security controls first.
Baseline Allocation:
Low Moderate High
AU-8 AU-8 (1) AU-8 (1)

Control Description

The information system:

a. Uses internal system clocks to generate time stamps for audit records; and

b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].

Supplemental Guidance

Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities.

Related to: AU-3AU-12

Control Enhancements

AU-8(1) TIME STAMPS | SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCE
The information system:
AU-8 (1)(a)
Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and
AU-8 (1)(b)
Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period].
Supplemental Guidance: This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
AU-8(2) TIME STAMPS | SECONDARY AUTHORITATIVE TIME SOURCE
The information system identifies a secondary authoritative time source that is located in a different geographic region than the primary authoritative time source.

References

None.