2.3.2.1 Ensure Set Time and Date Automatically Is Enabled

Information

Correct date and time settings are required for authentication protocols, file creation, modification dates, and log entries.

Note: If your organization has internal time servers, enter them here. Enterprise mobile devices may need to use a mix of internal and external time servers. If multiple servers are required, use the Date & Time System Preference with each server separated by a space.

Additional Note: The default Apple time server is time.apple.com. Variations include time.euro.apple.com. While it is certainly more efficient to use internal time servers, there is no reason to block access to global Apple time servers or to add a time.apple.com alias to internal DNS records. There are no reports that Apple gathers any information from NTP synchronization, as the computers already phone home to Apple for Apple services including iCloud use and software updates. Best practice is to allow DNS resolution to an authoritative time service for time.apple.com, preferably to connect to Apple servers, but local servers are acceptable as well.

Kerberos may not operate correctly if the time on the Mac is off by more than 5 minutes. This in turn can affect Apple's single sign-on feature, Active Directory logons, and other features.

Solution

Graphical Method:

Perform the following to enable the date and time to be set automatically:

- Open System Settings
- Select General
- Select Date & Time
- Set Set time and date automatically to enabled

Note: By default, the operating system will use time.apple.com as the time server. You can change to any time server that meets your organization's requirements.

Terminal Method:

Run the following commands to enable the date and time setting automatically:

$ /usr/bin/sudo /usr/sbin/systemsetup -setnetworktimeserver <your.time.server>

setNetworkTimeServer: <your.time.server>

$ /usr/bin/sudo /usr/sbin/systemsetup -setusingnetworktime on

setUsingNetworkTime: On

example

:

$ /usr/bin/sudo /usr/sbin/systemsetup -setnetworktimeserver time.apple.com

setNetworkTimeServer: time.apple.com

$ /usr/bin/sudo /usr/sbin/systemsetup -setusingnetworktime on

setUsingNetworkTime: On

Run the following commands if you have not set, or need to set, a new time zone:

$ /usr/bin/sudo /usr/sbin/systemsetup -listtimezones

$ /usr/bin/sudo /usr/sbin/systemsetup -settimezone <selected time zone>

example

:

$ /usr/bin/sudo /usr/sbin/systemsetup -listtimezones

Time Zones:
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
...

$ /usr/bin/sudo /usr/sbin/systemsetup -settimezone America/New_York

Set TimeZone: America/New_York

Impact:

The timed service will periodically synchronize with named time servers and will make the computer time more accurate.

See Also

https://workbench.cisecurity.org/benchmarks/15551

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Unix

Control ID: 3adf856aed9d1fe2d4ee92dd5fe65cecbd5682239241fc8aa504b7a44151247f