
SC-45 System Time Synchronization

IL4 Mod
IL4 High
IL5
IL6

Control Description

Synchronize system clocks within and between systems and system components.

DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

Discussion

Time synchronization of system clocks is essential for the correct execution of many system services, including identification and authentication processes that involve certificates and time-of-day restrictions as part of access control. Denial of service or failure to deny expired credentials may result without properly synchronized clocks within and between systems and system components. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.

The granularity of time measurements refers to the degree of synchronization between system clocks and reference clocks, such as clocks synchronizing within hundreds of milliseconds or tens of milliseconds. Organizations may define different time granularities for system components. Time service can be critical to other security capabilities--such as access control and identification and authentication--depending on the nature of the mechanisms used to support the capabilities.
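
The granularity idea above can be checked mechanically. The following is an added example, not part of the control text: it parses constructed `chronyc tracking` output and compares the measured offset with a per-component granularity. It assumes chrony is the time daemon in use, and the component classes and thresholds are illustrative values, not requirements from SC-45.

```python
import re

# Assumed organization-defined granularity per component class, in seconds.
# SC-45 leaves these values to the organization; these are illustrative.
GRANULARITY = {"auth-server": 0.010, "workstation": 0.100}

# Constructed samples of `chronyc tracking` output (not from a real host).
SAMPLE_SYNCED = """\
Reference ID    : C0000201 (ntp1.example.net)
Stratum         : 3
System time     : 0.042000000 seconds slow of NTP time
Last offset     : -0.000310000 seconds
Leap status     : Normal
"""
SAMPLE_UNSYNCED = """\
Reference ID    : 00000000 ()
Stratum         : 0
System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised
"""

def parse_tracking(text):
    """Return (signed offset in seconds, leap status) from tracking output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    m = re.match(r"([\d.]+) seconds (slow|fast) of NTP time",
                 fields.get("System time", ""))
    if not m:
        raise ValueError("no parsable 'System time' line")
    sign = -1 if m.group(2) == "slow" else 1
    return sign * float(m.group(1)), fields.get("Leap status", "unknown")

def check_component(component_class, tracking_text):
    """Return (compliant, reason) for one component against its granularity."""
    limit = GRANULARITY[component_class]
    offset, leap = parse_tracking(tracking_text)
    if leap in ("Not synchronised", "unknown"):
        # A zero offset reported by an unsynchronised daemon proves nothing.
        return False, f"clock not synchronised (leap status: {leap})"
    if abs(offset) > limit:
        return False, f"offset {offset:+.3f}s exceeds {limit:.3f}s"
    return True, f"offset {offset:+.3f}s within {limit:.3f}s"

if __name__ == "__main__":
    for cls, text in [("workstation", SAMPLE_SYNCED), ("auth-server", SAMPLE_SYNCED),
                      ("workstation", SAMPLE_UNSYNCED)]:
        print(cls, check_component(cls, text))
```

The same 42 ms offset passes for a workstation and fails for an authentication server, and a daemon that reports zero offset while unsynchronised is treated as a failure rather than a pass.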

Related Controls

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of system time synchronization?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-45?

Technical Implementation:

  • How is system time synchronization technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that system time synchronization remains effective as the system evolves?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-45?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
