Title: The DBMS must synchronize with internal operating system clocks which in turn, are synchronized on an organization defined frequency with an organization defined authoritative time source.
Vulnerability ID: V-32392
IA Controls: None
Description: Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events.
Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. To meet that requirement the organization will define an authoritative time source and frequency to which each system will synchronize its internal clock.
An example is utilizing the NTP protocol to synchronize with centralized NTP servers. Timestamps generated by the information system shall include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.
Applications not purposed to provide NTP services should not try to compete with or replace NTP functionality and should synchronize with internal information system clocks that are in turn synchronized with an organization defined authoritative time source.
Check Text: Review DBMS settings to determine if it is synchronizing with the internal information system clock. If audit records are being time stamped with times that are not from a synchronized source, this is a finding.
Fix Text: Modify DBMS settings to synchronize internal DBMS clock with information system clock. Timestamps must use a time source that has been synchronized with the internal information system clock.[divider]