BRACKETOLOGY | FEDRAMP
AU-8: TIME STAMPS
FedRAMP Baseline Membership AU-8:
- LOW
- MODERATE
- HIGH
The information system:
- a. Uses internal system clocks to generate time stamps for audit records; and
- b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].
There are no FedRAMP-specific requirements if this control is used for a Low, Moderate, or High Impact system.
SUPPLEMENTAL GUIDANCE
Time stamps generated by the information system include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Granularity of time measurements refers to the degree of synchronization between information system clocks and reference clocks, for example, clocks synchronizing within hundreds of milliseconds or within tens of milliseconds. Organizations may define different time granularities for different system components. Time service can also be critical to other security capabilities such as access control and identification and authentication, depending on the nature of the mechanisms used to support those capabilities.
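The following Python sketch is an added example, not part of the FedRAMP or NIST text. It maps audit time stamps logged as local time with an offset to UTC, sets aside records that carry no offset and so cannot be mapped, and lists hosts whose clock offset exceeds a chosen granularity. The host names, records, offsets, and the 100 ms tolerance are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample audit records: (host, time stamp as logged, event).
RECORDS = [
    ("app-east", "2024-03-01T09:15:02.250-05:00", "login failed"),
    ("db-utc",   "2024-03-01T14:15:01.900+00:00", "account locked"),
    ("web-west", "2024-03-01T06:15:03.100-08:00", "session opened"),
    ("legacy",   "2024-03-01 09:15:04",           "config changed"),  # no offset
]

# Constructed clock offsets from the reference clock, in milliseconds.
OFFSETS_MS = {"app-east": 12.0, "db-utc": -340.0, "web-west": 48.5}


def to_utc(stamp):
    """Return an aware UTC datetime, or None if the stamp has no UTC offset."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        return None  # local time without an offset cannot be mapped to UTC
    return parsed.astimezone(timezone.utc)


def build_timeline(records):
    """Split records into a UTC-ordered timeline and a list of unmappable ones."""
    mapped, unmappable = [], []
    for host, stamp, event in records:
        utc = to_utc(stamp)
        if utc is None:
            unmappable.append((host, stamp, event))
        else:
            mapped.append((utc, host, event))
    mapped.sort(key=lambda record: record[0])
    return mapped, unmappable


def outside_granularity(offsets_ms, tolerance_ms):
    """Hosts whose clock differs from the reference by more than the tolerance."""
    return sorted(h for h, off in offsets_ms.items() if abs(off) > tolerance_ms)


if __name__ == "__main__":
    timeline, rejected = build_timeline(RECORDS)
    for utc, host, event in timeline:
        print(utc.isoformat(timespec="milliseconds"), host, event)
    for host, stamp, event in rejected:
        print("cannot map to UTC:", host, stamp, event)
    print("outside 100 ms:", outside_granularity(OFFSETS_MS, 100.0))
```

Sorting the raw strings would place the web-west event first; after mapping to UTC it is the last of the three.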
RELATED CONTROLS: AU-8
CONTROL ENHANCEMENTS
AU-8 (1) TIME STAMPS | SYNCHRONIZATION WITH AUTHORITATIVE TIME SOURCE
FedRAMP Baseline Membership AU-8 (1):
- MODERATE
- HIGH
The information system:
- (a) Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]; and
- (b) Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period].
There are no FedRAMP-specific requirements if this control is used for a Low Impact system.
Moderate and High Impact systems (the configuration is the same for both):
AU-8 (1)(a): Compares the internal information system clocks at least hourly with http://tf.nist.gov/tf-cgi/servers.cgi; and
AU-8 (1)(b): Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than organization-defined time period.
FedRAMP REQUIREMENTS: The service provider selects primary and secondary time servers used by the NIST Internet time service. The secondary server is selected from a different geographic region than the primary server.
- The service provider synchronizes the system clocks of network computers that run operating systems other than Windows to the Windows Server Domain Controller emulator or to the same time source for that server.
- The service provider selects primary and secondary time servers used by the NIST Internet time service, or by a Stratum-1 time server. The secondary server is selected from a different geographic region than the primary server.
FedRAMP GUIDANCE:
- If using Windows Active Directory, all servers should synchronize time with the time source for the Windows Domain Controller. If using some other directory services (e.g., LDAP), all servers should synchronize time with the time source for the directory server.
- Synchronization of system clocks improves the accuracy of log analysis.
Supplemental Guidance:
This control enhancement provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
AU-8 (2) TIME STAMPS | SECONDARY AUTHORITATIVE TIME SOURCE
The information system identifies a secondary authoritative time source that is located in a different geographic region than the primary authoritative time source.
Supplemental Guidance: NONE