2.2.2 Ensure time set is within appropriate limits

Information

Kerberos may not operate correctly if the time on the Mac is off by more than 5 minutes. This in turn can affect Apple's single sign-on feature, Active Directory logons, and other features. The audit check flags a clock that is more than 4 minutes and 30 seconds ahead or behind.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following to implement the prescribed state:
In Terminal, run the following command:
sudo systemsetup -getnetworktimeserver
Use the server reported on the 'Network Time Server:' line (shown below as your.time.server) to capture drift:
sudo ntpdate -svd your.time.server | egrep offset
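
An added example (not part of the benchmark text) that turns the offset captured above into a pass/fail result against the 4 minute 30 second audit limit. It assumes the ntpdate debug output contains a summary line of the form "offset <seconds>"; the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Evaluate `ntpdate -svd` debug output against the audit limit.
LIMIT_SECONDS=270   # 4 min 30 s, the audit threshold stated in this check

# Print the offset in seconds from the summary line "offset <value>".
# "filter offset: ..." lines are skipped: their first field is "filter".
# If several summary lines appear, the last one wins.
extract_offset() {
    awk '$1 == "offset" && $2 ~ /^[-+]?[0-9]*\.?[0-9]+$/ { v = $2; f = 1 } END { if (f) print v }'
}

# Return 0 when |offset| <= limit (ahead or behind), 1 otherwise.
within_limit() {
    awk -v o="$1" -v l="${2:-$LIMIT_SECONDS}" 'BEGIN { if (o < 0) o = -o; exit !(o <= l) }'
}

# Read ntpdate debug output on stdin and print a verdict.
# Status: 0 compliant, 1 drift too large, 2 no offset found (for example the
# time server did not answer), which must not be counted as a pass.
check_drift() {
    offset=$(extract_offset)
    if [ -z "$offset" ]; then
        echo "UNKNOWN: no offset in ntpdate output"
        return 2
    fi
    if within_limit "$offset"; then
        echo "PASS: offset ${offset}s is within ${LIMIT_SECONDS}s"
    else
        echo "FAIL: offset ${offset}s exceeds ${LIMIT_SECONDS}s"
        return 1
    fi
}

# Constructed sample output, not captured from a real host.
SAMPLE_OK='filter offset: -0.00131 -0.00127 -0.00119 -0.00123
delay 0.02612, dispersion 0.00005
offset -0.001234'
SAMPLE_DRIFT='filter offset: 312.498 312.501 312.502 312.503
delay 0.02701, dispersion 0.00008
offset 312.501877'

# On a Mac: sudo ntpdate -svd your.time.server | check_drift
printf '%s\n' "$SAMPLE_OK" | check_drift || true
printf '%s\n' "$SAMPLE_DRIFT" | check_drift || true
```

A status of 2 means the drift could not be measured, so the check should be repeated against a reachable time server rather than recorded as compliant.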

See Also

https://workbench.cisecurity.org/files/300