1.6.2 Ensure redundant NTP servers are configured appropriately

Information

These settings enable use of primary and secondary NTP servers to provide redundancy in case of a failure involving the primary NTP server.

Rationale:

NTP enables the device to maintain an accurate time and date when receiving updates from a reliable NTP server. Accurate timestamps are critical when correlating events with other systems, troubleshooting, or performing investigative work. Logs and certain cryptographic functions, such as those utilizing certificates, rely on accurate time and date parameters. In addition, rules referencing a Schedule object will not function as intended if the device's time and date are incorrect.

For additional security, authenticated NTP can be utilized. If Symmetric Key authentication is selected, only SHA1 should be used, as MD5 is considered severely compromised.

Most organizations will maintain a pair of internal NTP servers for all internal time services. These servers will either be self-contained atomic clocks, or will collect time from a known reliable source (often GPS or a well-known internet server pool will be used).

Solution

Navigate to Device > Setup > Services > Services.
Set Primary NTP Server Address appropriately.
Set Secondary NTP Server Address appropriately.

Default Value:

Not configured

See Also

https://workbench.cisecurity.org/benchmarks/13792

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-7, 800-53|AU-8, CSCv7|6.1

Plugin: Palo_Alto

Control ID: 0bdab6cdf573d2d236c64eb94d10f1915f480e6618c1522691f18cea902e6562