03.03.07: Time Stamps

Control Familly: Audit and Accountability

SPRS: N/A

Top Ten Failed Requirement: N/A

Supporting Publications:

N/A

Referenced in: N/A

Control Type: N/A

CPCSC Level 2: 03.03.07

CMMC Level(s): N/A

Derived From: NIST SP 800-53r5AU-08

a. Use internal system clocks to generate time stamps for audit records.

b. Record time stamps for audit records that meet [Assignment: organizationdefined granularity of time measurement] and that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp.

Discussion:

Time stamps generated by the system include the date and time. Time is often expressed in Coordinated Universal Time (UTC) — a modern continuation of Greenwich Mean Time (GMT) — or local time with an offset from UTC. The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks (e.g., clocks synchronizing within hundreds or tens of milliseconds). Organizations may define different time granularities for system components. Time service can be critical to other security capabilities (e.g., access control and identification and authentication), depending on the nature of the mechanisms used to support those capabilities.

Assessment Methods and Objectives

Examine [SELECT FROM: audit and accountability policy and procedures; procedures for timestamp generation; system design documentation; system configuration settings; system audit records; system security plan; other relevant documents or records]

Interview [SELECT FROM: personnel with information security responsibilities; system developers; system administrators]

Test [SELECT FROM: mechanisms for implementing timestamp generation]

NIST SP 800-171A r3 Determining Statements Determine if:

A.03.03.07.ODP[01]: granularity of time measurement for audit record time stamps is defined.

A.03.03.07.a: internal system clocks are used to generate time stamps for audit records.

A.03.03.07.b[01]: time stamps are recorded for audit records that meet <A.03.03.07.ODP[01]: granularity of time measurement>.

A.03.03.07.b[02]: time stamps are recorded for audit records that use Coordinated Universal Time (UTC), have a fixed local time offset from UTC, or include the local time offset as part of the time stamp.