SOL-11.1-090020 - The operating system must synchronize internal information system clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).

Information

To assure the accuracy of the system clock, it must be synchronized with an authoritative time source within DOD. Many system functions, including time-based login and activity restrictions, automated reports, system logs, and audit records depend on an accurate system clock. If there is no confidence in the correctness of the system clock, time-based functions may not operate as intended and records may be of diminished value.

Solution

The root role is required.

Determine the zone to be secured.

# zonename

If the command output is not 'global', then NTP must be disabled.

# svcadm disable ntp

If the output from 'zonename' is 'global', then NTP must be enabled.

To activate the ntpd daemon, the ntp.conf file must first be created.

# cp /etc/inet/ntp.client /etc/inet/ntp.conf

# pfedit /etc/inet/ntp.conf

Make site-specific changes to this file as needed, adding each approved time server in the form:

server [ntpserver]

Locate the line containing maxpoll (if it exists).

Delete the line.

Start the ntpd daemon.

# svcadm enable ntp

Use a local authoritative time server synchronizing to an authorized DOD time source, a USNO-based time server, or a GPS. Ensure all systems in the facility feed from one or more local time servers that feed from the authoritative time server.

Edit the NTP configuration files and make the necessary changes to add the approved time servers per Solaris documentation.
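The zone rule and the ntp.conf requirements from the procedure above can be checked with a short script. This is an added example, not part of the STIG or the audit plugin; the function names, the sample file contents, and the placeholder server time.example.mil are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helper for SOL-11.1-090020 (not part of the STIG text).

# check_ntp_conf FILE: succeeds only when FILE has at least one active
# "server" line and no active line containing maxpoll. Comments are ignored.
check_ntp_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    active=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")
    if ! printf '%s\n' "$active" |
        grep -q '^[[:space:]]*server[[:space:]][[:space:]]*[^[:space:]]'; then
        echo "no server line"; return 1
    fi
    if printf '%s\n' "$active" | grep -q 'maxpoll'; then
        echo "maxpoll present"; return 1
    fi
    echo "ok"
}

# evaluate_zone ZONE STATE FILE: applies the zone rule from the procedure.
# ZONE is the output of zonename; STATE is the output of
# `svcs -H -o state ntp` (for example online or disabled).
evaluate_zone() {
    zone=$1; state=$2; conf=$3
    if [ "$zone" != "global" ]; then
        if [ "$state" != "disabled" ]; then
            echo "finding: ntp is $state in non-global zone $zone"; return 1
        fi
        echo "compliant: ntp disabled in non-global zone"; return 0
    fi
    if [ "$state" != "online" ]; then
        echo "finding: ntp is $state in the global zone"; return 1
    fi
    reason=$(check_ntp_conf "$conf") || { echo "finding: $reason"; return 1; }
    echo "compliant: ntp online with a server configured"
}

# Constructed sample input; time.example.mil is a placeholder server name.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '# constructed sample' 'server time.example.mil iburst' \
    'driftfile /var/ntp/ntp.drift' > "$sample"
evaluate_zone global online "$sample"

# On a Solaris 11 host, run instead:
#   evaluate_zone "$(zonename)" "$(svcs -H -o state ntp)" /etc/inet/ntp.conf
```

The script only confirms that a server line exists; whether the listed server is an approved DOD time source still has to be verified against site documentation.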

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_SPARC_V3R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8(1), CAT|II, CCI|CCI-004926, Rule-ID|SV-219986r986414_rule, STIG-ID|SOL-11.1-090020, STIG-Legacy|SV-60857, STIG-Legacy|V-47985, Vuln-ID|V-219986

Plugin: Unix

Control ID: a5d66021c0d39635ed9874cb5cc374da458d0ba8b57a8e74e2fc23d4de366530