VCSA-70-000158 - The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.

Information

Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity.

Synchronizing internal information system clocks to an authoritative time server provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Open the VAMI by navigating to https://<vCenter server>:5480.

Log in with local operating system administrative credentials or with an SSO account that is a member of the 'SystemConfiguration.BashShellAdministrator' group.

Select 'Time' on the left navigation pane.

On the resulting pane on the right, click 'Edit' under 'Time Synchronization'.

Select 'NTP' for 'Mode' and enter a list of authorized time servers separated by commas. Click 'Save'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y24M01_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-8(1)(a), CAT|II, CCI|CCI-001891, Rule-ID|SV-256341r892804_rule, STIG-ID|VCSA-70-000158, Vuln-ID|V-256341

Plugin: VMware

Control ID: 610de64366a93dd8b76308e83635d447fa95b5098839e4dbadd0b3805b8febe9