AU.L2-3.3.7—Authoritative Time Source
Level 2
800-171: 3.3.7
>Control Description
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy for time synchronization across systems?
- •How do you select authoritative time sources?
- •What governance ensures consistent time synchronization configuration?
- •How often do you verify time synchronization is functioning correctly?
Technical Implementation:
- •What NTP servers serve as authoritative time sources?
- •How do you configure systems to synchronize time with authoritative sources?
- •What mechanisms verify systems are properly synchronized?
- •What time synchronization protocols are used (NTP, PTP)?
- •What tools monitor time synchronization status across systems?
Evidence & Documentation:
- •What audit logging configuration documentation can you provide?
- •What sample audit logs demonstrate required events are logged?
- •What audit log review documentation shows periodic review?
- •What SIEM screenshots show audit log aggregation and analysis?
- •What audit retention documentation shows logs are retained per policy?
- •What evidence shows audit logs are protected from modification?
Ask AI
Configure your API key to use AI features.