myctrl.tools
Compare

SC-45(2)Secondary Authoritative Time Source

>Control Description

a

Identify a secondary authoritative time source that is in a different geographic region than the primary authoritative time source; and

b

Synchronize the internal system clocks to the secondary authoritative time source if the primary authoritative time source is unavailable.

>Supplemental Guidance

It may be necessary to employ geolocation information to determine that the secondary authoritative time source is in a different geographic region.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of secondary authoritative time source?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-45(2)?

Technical Implementation:

  • How is secondary authoritative time source technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that secondary authoritative time source remains effective as the system evolves?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-45(2)?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.