2.3.1.4 Set 'key' for each 'ntp server'

Information

Specifies the authentication key for NTP.

This authentication feature provides protection against accidentally synchronizing the ntp system to another system that is not trusted, because the other system must know the correct authentication key.

Solution

Configure each NTP Server to use a key ring using the following command.

hostname(config)#ntp server {<em>ntp-server_ip_address</em>}{key <em>ntp_key_id</em>}

Impact:

Organizations should establish three Network Time Protocol (NTP) hosts to set consistent time across the enterprise. Enabling the 'ntp server key' command enforces encrypted authentication between NTP hosts.

See Also

https://workbench.cisecurity.org/benchmarks/17130

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Cisco

Control ID: 3eea3d507c735fedd9809061f639faa3c2694d0e02058e22cc8a0b9d4f6ed8c7