NIST SP 800-171 Security control 3.3.7 states “Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.”
How to Meet NIST SP 800-171 3.3.7 Requirement
To meet this requirement you need to ensure that your information system components such as laptops, desktops, network devices, and servers are synchronized with an “authoritative” time source. The best example and the solution you should probably use as an authoritative time source is time.nist.gov.
Configure your laptops, desktops, network devices, and servers to sync their system clocks with time.nist.gov. To learn how to do this simply perform an online search on how to set the system time server for a given device.
Why this Requirements is Important
If your system does not keep accurate time they will incorrectly create time stamps for audit logs. This inhibits your ability to investigate security incidents. Imagine if all of your systems have different times? It will be very difficult to correlate events from one system to another. Performing an investigation into a cyber incident is extremely difficult if system times are not synchronized with an authoritative time source.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.